Hackers attacked 39.3 per cent of computers used in oil and gas, energy, automotive manufacturing, building automation infrastructures, and others in Nigeria, other countries in Africa, Middle East, and Turkey, according to a report by Kaspersky.
The report stated that from January to September 2022, computers in the industrial control systems environment were attacked using multiple means.
It revealed that in Nigeria, various types of malicious objects were blocked on 38.7 per cent of ICS computers between January – September 2022. It said, “In Nigeria, various types of malicious objects were blocked on 38.7 per cent of ICS computers between January- Sep 2022.
“Of these, 19.4 per cent came from the Internet and 3.5 per cent of attacks were made through email clients. 10.7 per cent of attacks were conducted through removable media.”
The report further revealed that during the three quarters of 2022 in the META region, ICS computers in the oil and gas sector faced attacks most often (39.3 per cent of them got attacked) with those on building automation systems coming in second place (38.8 per cent of ICS computers in this sector were targeted), and the energy sector third (with 36.8 per cent of computers affected).
The firm said, “In the META region, malicious objects were blocked on 38 per cent of ICS computers in the region that were protected by Kaspersky solutions, according to Kaspersky ICS CERT statistics.
“Globally the share of ICS computers with blocked malicious objects stands at 31.8 per cent. APT attacks on industrial systems are expected to get even more sophisticated in the coming months.
“ICS computers are used in oil & gas, energy, automotive manufacturing, building automation infrastructures and other spheres to perform a range of OT functions – from the workstations of engineers and operators to supervisory control and data acquisition servers and human machine interface.
“Cyberattacks on industrial computers are considered to be extremely dangerous as they may cause material losses and production downtime for the controlled production line and even the facility as a whole. Moreover, industrial enterprises put out of service can seriously undermine a region’s social welfare, ecology and macroeconomics.”
The Kaspersky Industrial Control Systems Cyber Emergency Response Team expert, Vladimir Dashchenko, added, “The period of global instability provokes global semiconductor shortage. In turn, that causes companies to lower their budgets on cybersecurity, which becomes a critical issue in 2022-2023, especially in view of the evolving threat landscape. Critical industrial infrastructure solutions will be a new target for cybercrime.”
According to the firm, the remainder of 2022 and 2023 would witness a rise of ransomware in ICS environments.
Recently, a report from Group-IB, a cybersecurity firm, entitled, ‘OPERA1ER: Playing God without permission,’ in collaboration with the researchers from Orange CERT Coordination Center disclosed that a gang of hackers, OPERA1ER, stole at least $11m from companies in Nigeria, Benin, Cameroon, 11 other African countries, and Argentina.
Commenting on the development, an ICT expert and Senior Partner of e86 Limited, Olugbenga Odeyemi, said, “If such attacks are not engineered to get money out of the victims, they are designed to include the victims’ computers in a much larger attack against other targets.
“As we enter a new year, organizations need to review their IT budgets to reflect the current realities. As they plan to upgrade technologies and equipment, they must plan to upgrade staff welfare too, humans remain the weakest link in technology.”