The percentage of ICS computers on which malicious scripts and phishing pages as well as ransomware were blocked continued to increase.
# Industry News: Rising Malicious Script and Ransomware Activity in Industrial Control Systems (ICS)
## Summary
The latest Kaspersky ICS CERT threat landscape report, covering Q4 2024, records a sustained rise in the percentage of Industrial Control Systems (ICS) computers on which malicious scripts, phishing pages and ransomware were blocked. Because the metric counts blocked attempts, it measures how often these threats reach OT hosts rather than how often they succeed; even so, the trend points to a growing convergence between conventional IT attack vectors and operational technology (OT) environments, and to a heightened level of risk for industrial infrastructure worldwide.
## Key Details
- **Date:** March 17, 2025 (Reporting on Q4 2024 data)
- **Companies Involved:** Kaspersky ICS CERT (Primary Reporter), Global Industrial Sector
- **Category:** Market Analysis & Threat Intelligence
## The Story
The Kaspersky ICS CERT report identifies a concerning trajectory in the industrial sector: attack surfaces are expanding as industrial automation systems become increasingly integrated with web services. The data shows that blocked malicious scripts and phishing pages, traditionally viewed as "enterprise" threats, now account for a large share of what is stopped on OT hosts. Most notably, the data confirms an increase in ransomware blocked on ICS computers, which means ransomware is reaching high-value industrial assets more often, whether or not it then succeeds. The report links this shift to the modernization of factories and utilities (Industry 4.0), which adds entry points that cybercriminals can use.
## Business Impact
### For the Companies Involved
- **Security Vendors:** Firms like Kaspersky and its competitors see a surge in demand for specialized OT security solutions that provide visibility into both the network and endpoint levels of industrial environments.
### For Competitors
- **Strategic Pivot:** Managed Security Service Providers (MSSPs) and industrial automation competitors must accelerate the integration of script-aware detection and response features to keep pace with the increasing sophistication of multi-stage script-based attacks.
### For Customers
- **Operational Risk:** Manufacturers and utility providers face higher potential for unplanned downtime and production losses as ransomware moves closer to the "shop floor."
- **Increased Costs:** Organizations must increase capital expenditure for OT-specific security audits and legacy system hardening.
### For the Market
- **Insurance Volatility:** The rise in ransomware reaching ICS environments is likely to drive up cyber insurance premiums or result in stricter "due diligence" requirements for industrial firms to qualify for coverage.
## Technical Implications
The report underscores the effectiveness of "Living off the Land" (LotL) techniques: attacks that run through interpreters already present on the host (PowerShell, Windows Script Host, the browser's JavaScript engine) rather than dropping a recognizable binary, which signature-based defenses handle poorly. The increase in phishing and script-based detections indicates that attackers are prioritizing credential theft and initial access, most likely to stage the high-impact ransomware deployments the data also shows.
## Strategic Analysis
- **Market Positioning:** Kaspersky reinforces its position as a leader in OT threat intelligence, leveraging its global telemetry to provide early warnings of industrial shifts.
- **Competitive Advantage:** Real-time visibility into the intersection of web-based threats and industrial protocols is becoming the "gold standard" for the industry.
- **Challenges:** The primary obstacle remains the "air-gap" myth; many organizations still underestimate the connectivity of their ICS computers, leaving them exposed to web-borne malicious scripts.
## Industry Reactions
- **Analyst Opinions:** Market analysts note that the rise in phishing-linked ICS detections highlights a clear need for OT-specific security awareness training, which has historically been neglected compared to corporate employee training.
- **Market Response:** There is a growing trend toward "Secure-by-Design" mandates in industrial procurement processes, as buyers realize they cannot secure vulnerable legacy systems with software alone.
## Future Outlook
- **Predictive Trends:** Expect a move toward "Zero Trust" architectures in OT environments, where even internal ICS scripts are treated with suspicion.
- **What to watch for:** Watch for increased regulatory pressure (NIS2 in Europe already mandates reporting of significant incidents and provides for voluntary notification of near misses) to push industrial operators to report script-based attacks that were blocked before they escalated to full-scale ransomware events.
## For Security Professionals
Practitioners should prioritize the following:
1. **Script Monitoring:** Implement strict controls on the script execution engines present on ICS hosts (PowerShell, Windows Script Host for JScript and VBScript, browser JavaScript): log what they run, remove legacy engines that bypass logging, and disable interpreters that have no operational purpose on the host.
2. **Phishing Defense:** Extend enterprise-grade email security and browser isolation to any ICS-adjacent workstation with internet or mailbox access, since engineering workstations are where a phishing click turns into OT access.
3. **Backup Integrity:** Ensure that offline (or otherwise immutable) backups exist for OT configurations such as PLC projects, HMI screens and historian settings. Synchronized or replicated backups mirror encrypted files within minutes, and an attacker holding domain credentials will delete online backups before deploying ransomware.
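As an added example for point 1 (this is not code from the Kaspersky report or from any vendor), the following PowerShell applies a baseline of script-engine controls to a Windows ICS or engineering workstation and audits them afterwards. It assumes Windows 10 or Server 2016 or later with PowerShell 5.1, local administrator rights, and a transcript directory of `C:\PSTranscripts` (an assumed path). The function names `Set-ScriptEngineControls` and `Test-ScriptEngineControls` are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the Kaspersky ICS CERT report: baseline script-engine controls for a
# Windows ICS/engineering workstation, plus an audit that reports what is actually in place.
# Assumptions: Windows 10 / Server 2016 or later, PowerShell 5.1, and that the
# Microsoft-Windows-PowerShell/Operational event channel is forwarded to your SIEM.

$PSPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$WshKey   = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Set-ScriptEngineControls {
    param([string]$TranscriptDir = 'C:\PSTranscripts')   # assumed path; use a write-only share in production

    # 1. Script block logging (event ID 4104): logs every script block the engine runs, including
    #    the decoded contents of -EncodedCommand payloads, so obfuscated code is logged in the clear.
    New-Item -Path "$PSPolicy\ScriptBlockLogging" -Force | Out-Null
    Set-ItemProperty -Path "$PSPolicy\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

    # 2. Module logging for all modules (event ID 4103): pipeline execution details with parameter values.
    New-Item -Path "$PSPolicy\ModuleLogging\ModuleNames" -Force | Out-Null
    Set-ItemProperty -Path "$PSPolicy\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
    Set-ItemProperty -Path "$PSPolicy\ModuleLogging\ModuleNames" -Name '*' -Value '*'

    # 3. Transcription: a full text transcript of every session, written to $TranscriptDir.
    New-Item -Path "$PSPolicy\Transcription" -Force | Out-Null
    Set-ItemProperty -Path "$PSPolicy\Transcription" -Name EnableTranscripting -Value 1 -Type DWord
    Set-ItemProperty -Path "$PSPolicy\Transcription" -Name OutputDirectory -Value $TranscriptDir

    # 4. Disable Windows Script Host: wscript.exe/cscript.exe are what run the .js/.jse/.vbs
    #    droppers delivered by phishing mail, so this closes the JScript/VBScript path entirely.
    New-Item -Path $WshKey -Force | Out-Null
    Set-ItemProperty -Path $WshKey -Name Enabled -Value 0 -Type DWord

    # 5. Remove the PowerShell 2.0 engine: "powershell.exe -Version 2" would bypass all of the logging above.
    Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null
}

function Test-ScriptEngineControls {
    # Returns one object per control: the value found and whether it matches the baseline.
    $checks = @(
        @{ Control = 'ScriptBlockLogging'; Path = "$PSPolicy\ScriptBlockLogging"; Name = 'EnableScriptBlockLogging'; Expected = 1 }
        @{ Control = 'ModuleLogging';      Path = "$PSPolicy\ModuleLogging";      Name = 'EnableModuleLogging';      Expected = 1 }
        @{ Control = 'Transcription';      Path = "$PSPolicy\Transcription";      Name = 'EnableTranscripting';      Expected = 1 }
        @{ Control = 'WSHDisabled';        Path = $WshKey;                        Name = 'Enabled';                  Expected = 0 }
    )
    foreach ($c in $checks) {
        # A missing key or value yields $null, which is reported as non-compliant rather than as an error.
        $actual = (Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue).($c.Name)
        [pscustomobject]@{ Control = $c.Control; Actual = $actual; Compliant = ($actual -eq $c.Expected) }
    }
    $v2 = Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
    [pscustomobject]@{ Control = 'PowerShellV2Removed'; Actual = $v2.State; Compliant = ($v2.State -ne 'Enabled') }
}

# Usage: audit first, apply in a maintenance window, then re-audit.
Test-ScriptEngineControls | Format-Table -AutoSize
# Set-ScriptEngineControls
# Test-ScriptEngineControls | Format-Table -AutoSize
```

Two caveats before running this on a plant floor. Keys under `HKLM\SOFTWARE\Policies` are Group Policy locations, so on domain-joined hosts set the same values through a GPO or the next policy refresh will overwrite them; the direct registry writes above are for standalone or workgroup workstations. Disabling Windows Script Host breaks any vendor installer or login script that relies on it, so audit first and test on a non-production engineering workstation. Enforcing PowerShell Constrained Language Mode, the stronger control, is done through an AppLocker or WDAC policy rather than a registry value and is not shown here.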