BY ZAFIRAH ZAFRUDDIN
Biometrics and Building Automation Systems (BAS) are revolutionising security and efficiency. However, their prevalence makes them prime targets for cyberattacks. As reliance on these technologies grows, so do the risks.
Breaches of these systems can lead to irreversible data leaks and operational disruptions, underscoring the need for robust cybersecurity defences.
A recent report from the Kaspersky Industrial Control Systems Cyber Emergency Response Team (ICS CERT) has played a crucial role in highlighting these concerns. It has identified biometrics and BAS as the most frequently targeted industries within Operational Technology (OT) in early 2025.
The global impact of these threats is significant. The report reveals that malicious attempts were blocked on 21.9 per cent of ICS computers globally. When examining the data regionally, this percentage varied, ranging from 10.7 per cent in Northern Europe to as high as 29.6 per cent in Africa.
Attacks were most prevalent in the biometrics sector, with 28.1 per cent of ICS computers affected. BAS followed closely at 25 per cent.
Other targeted sectors include electric power facilities (22.8 per cent), construction facilities (22.4 per cent) and engineering equipment (21.7 per cent). Oil and gas facilities (17.8 per cent) and manufacturing (17.6 per cent) were also key targets.
OT CYBER THREATS
In the first quarter (Q1) of 2025, internet-based cyber threats significantly impacted OT systems. Threats were blocked on over 10.1 per cent of ICS computers. Other significant threat sources found include email clients, at 2.81 per cent, and removable media, such as external hard drives, at 0.52 per cent.
A wide range of malicious content was detected, with variations observed across different regions.
Kaspersky ICS CERT Head Evgeny Goncharov stated: “The main categories of threats from the internet are denylisted internet resources, malicious scripts and phishing pages. Malicious scripts and phishing pages are the leading category of malware used for the initial infection of ICS computers.
“They act as droppers of next-stage malware, such as spyware, crypto miners and ransomware.”
■ Malicious Scripts and Phishing Pages: Attacks impacted 7.16 per cent of ICS computers. Southern Europe (10.31 per cent), Africa (10.14 per cent), and the Middle East (9.58 per cent) led in the number of blocked attempts.
■ Denylisted Internet Resources: Affected 5.12 per cent of all ICS systems globally, with the highest frequency of blocking in Africa (6.21 per cent), Russia (5.6 per cent), and Central Asia (5.5 per cent).
■ Spyware (spy trojans, backdoors, and keyloggers): Detected on 4.20 per cent of all monitored ICS computers, with the highest regional concentrations in Africa (7.05 per cent), Southern Europe (6.52 per cent), and the Middle East (6.25 per cent).
UNVEILING THE TRENDS: Blocked malicious objects on ICS computers, Q1 2025. (Source: Kaspersky ICS CERT report)
■ Malicious Documents: Blocked on 1.85 per cent of ICS systems. Southern Europe (4.02 per cent), Latin America (3.3 per cent), and the Middle East (2.7 per cent) reported the most instances.
■ Viruses: Globally, 1.53 per cent of ICS systems experienced a virus attack, predominantly in Southeast Asia (8.68 per cent), Africa (3.87 per cent), and East Asia (2.85 per cent).
■ Worms: Blocked on 1.31 per cent across all monitored ICS computers. Attempts were found in Africa (3.65 per cent), Central Asia (2.79 per cent), and the Middle East (1.99 per cent).
■ Miners: In the form of executable files for Windows, miners were blocked at a relatively low rate of 0.78 per cent. Central Asia (1.72 per cent), Russia (1.04 per cent), and Eastern Europe (0.85 per cent) recorded the highest number of blocked attempts.
■ Ransomware: Encountered on 0.16 per cent of all ICS computers. Attempts were most frequent in East Asia (0.32 per cent), the Middle East (0.30 per cent), and Africa (0.25 per cent).
BOLSTERING OT DEFENSE
“The rise in internet-based attacks on ICS highlights the critical need for advanced threat detection to counter sophisticated malware campaigns,” said Goncharov.
Effective OT defence requires a specialised approach. Kaspersky experts have outlined specific measures for protecting OT computers:
■ Regular Security Assessments: Conduct regular assessments of OT systems to identify and address potential vulnerabilities.
■ Continuous Vulnerability Management: Dedicated tools, such as Kaspersky Industrial Cybersecurity, can provide actionable insights.
■ Timely System Updates: Apply security patches promptly to ensure optimal system performance and security.
■ Deploying EDR Solutions: EDR solutions, such as Kaspersky Next EDR Expert, aid in detecting sophisticated threats.
■ OT Security Training: Equip IT security staff and OT personnel with the skills necessary for incident prevention and response.
Ultimately, the trajectory of Q1 2025 cyber activity underlines a clear, critical truth: advanced threat detection will be paramount in safeguarding industrial systems.