- Across Africa, malicious scripts, phishing pages, Trojans, spyware, and miners are increasing in number and frequency. The continent had the highest percentage of spyware blocked, a Kaspersky survey shows.
- Legacy systems that lack modern security features and critical infrastructure in remote areas can make it difficult to monitor and secure assets effectively.
- Kaspersky says attacks were detected on 40.3% of Industrial Control System (ICS) computers in Africa. The top industries were energy, engineering & integration, and building automation.
Across Africa, malicious scripts, phishing pages, Trojans, spyware, and miners are increasing in number and frequency. What’s more, a new report by cybersecurity giant Kaspersky shows that crypto miners can lead to denial of service for some components of automated control systems.
A Kaspersky survey shows that Industrial Control System (ICS) computers in Africa received more cyber attacks in the six months to June 2023, exposing the rising cybersecurity risks across the continent that could jeopardize industries.
According to the ICS CERT landscape report, these attacks were detected on 40.3 per cent of ICS computers on the continent, placing Africa first among other regions.
The report revealed that malicious objects of all types were detected and blocked, with the top industries under attack being energy (45 per cent), engineering & integration (44 per cent) and building automation (40 per cent). All these attacks were blocked after detection.
Why ICS computers are important
Industrial Control Systems (ICS) are an integral part of the industrial infrastructure. These systems include Distributed Control Systems (DCS), Supervisory Control and Data Acquisition systems (SCADA), Programmable Logic Controllers (PLC), and devices such as remote telemetry units (RTU).
Smart meters and intelligent field instruments, including remotely programmable valves and intelligent electronic relays, also fall under this category.
While sharing basic constructs with Information Technology (IT) business systems, ICSs are technically, administratively, and functionally more complex and unique than business IT systems.
ICSs are an integral part of the electric power, oil, water, gasoline, chemicals, and manufacturing industries. They are also deployed in mining, transportation, and food processing, among other sectors, to provide control and safe shutdown of the processes in these facilities.
This means that industrial control systems possess sensitive data and are responsible for the functioning of the most important sectors.
ICS computers perform a range of operational technology (OT) functions – from the workstations of engineers and operators to supervisory control and data acquisition (SCADA) servers and Human Machine Interface (HMI).
“Africa’s industrial landscape is diverse, ranging from large-scale mining operations to small-scale agriculture. This means that ICS cybersecurity solutions need to be adaptable to various sectors and technologies,” Head of Kaspersky ICS CERT Evgeny Goncharov said.
Cyber threats to Africa’s industries
Cyberattacks on industrial computers are considered to be extremely dangerous. This is because they may cause material losses and production downtime for the controlled production line or even entire plants. Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology and macroeconomics.
An analysis of the most significant and targeted threats detected on ICS computers in selected countries of Africa in the first half of 2023 shows that the threat landscape can vary between countries. It also varies between industries due to the differences in the security maturity of different countries/industries and the current focus of threat actors.
In South Africa, malware was detected and blocked on 29.1 per cent of ICS computers in the half to June. In Nigeria, the figure was 32.6 per cent, while in Kenya it was 34.5 per cent of machines.
A low-risk attack on IT infrastructure can still be a significant threat to operational technology (OT). While the threat types that find their way to ICS computers remain relatively the same overall, there is a rise in the share of ICS computers facing malicious scripts and phishing pages, along with the Trojans, spyware and miners that would normally be delivered by the malicious scripts.
“Crypto miners are generally overlooked as a significant threat, which is not a good approach. While the influence of miners on the office network may be insignificant, in the course of their work and distribution, they can lead to the denial of service for some components of the automated control system,” security expert at Kaspersky Kirill Kruglov said.
Denylisted internet resources
In the half, Africa had the highest percentage of ICS computers on which spyware was blocked (9.8 percent). The Middle East and Southeast Asia had similarly high percentages (8.3 per cent and 8.1 per cent). The global average stands at 6.1 per cent.
Africa registered the highest percentage of ICS computers (14.8 per cent) on which attacks from denylisted internet resources were blocked. The global average is 11.3 per cent. Denylisting is a security capability that reduces harmful security attacks by denying access to listed elements.
Viruses and worms spread across ICS networks by means of removable media, shared folders, infected files, such as backups, and network attacks on outdated software.
The percentage of ICS computers on which worms were detected in Africa stood at 7 per cent. In comparison, the global average of 2.3 per cent makes Africa the leader by percentage of ICS computers on which threats were detected after removable devices were connected.
“In some regions, legacy ICS systems that lack modern security features are still in use. These systems are often more vulnerable to cyber threats and require significant upgrades. Additionally, some critical infrastructure in Africa is located in remote areas with limited connectivity, which can make it difficult to monitor and secure ICS assets effectively,” Head of Kaspersky ICS CERT Evgeny Goncharov noted.
Protecting systems from cyber threats
According to Kaspersky, firms need to conduct regular security assessments of OT systems to identify and eliminate possible cyber security issues. This way, they can also establish continuous vulnerability assessment and triage as a basis for an effective vulnerability management process.
Additionally, firms need to perform timely updates for the key components of the enterprise’s OT network; applying security fixes and patches or implementing compensating measures as soon as it is technically possible is crucial for preventing a major incident that might cost millions due to the interruption of the production process.
They also need to improve their response to new and advanced malicious techniques by building and strengthening their teams’ incident prevention, detection, and response skills. Dedicated OT security training for IT security teams and OT personnel is one of the key measures helping to achieve this.
“By understanding these risks, organizations can make informed decisions, allocate resources wisely, and efficiently fortify their defenses. In doing so, they not only protect their bottom line but also contribute to a safer and more secure digital ecosystem for all,” Goncharov noted.
Source of original article: Get Latest Tech & Business news From Africa and Worldwide (theexchange.africa).