Exploitation of Bitrix CMS Vulnerability Drives ICS Attack Surge in Russia

Kaspersky has reported a surge in attacks on industrial control system (ICS) computers in Russia and surrounding countries. The cybersecurity firm’s latest ICS threat landscape report, which focuses on the second half of 2022, shows that 40.6% of global devices protected by its products are being targeted. This is a slight increase compared to 2021 (39.6%) and 2020 (38.6%).

The most significant increase in H2 2022 was seen in Russia, where attacks increased by nine percentage points, with 39.2% of the ICS computers in the country being targeted. Kaspersky has linked this surge to an increase in the percentage of ICS devices on which its products blocked malicious scripts and phishing pages. The company believes this is driven by the exploitation of CVE-2022-27228, a vulnerability affecting the Bitrix content management system (CMS).

Bitrix24 released patches for the vulnerability in March 2022. In addition to Russia, ICS computers in countries such as Belarus, Kyrgyzstan, Uzbekistan and Kazakhstan have been increasingly targeted with malicious scripts and phishing pages as a result of CVE-2022-27228 exploitation against websites powered by the Bitrix CMS.

Kaspersky states that the increase in attacks is largely due to a surge in the activity of potentially dangerous advertising platforms. CVE-2022-27228 exploitation appears to be opportunistic: Russia is significantly impacted because the Bitrix product is widely used in the country, not because someone is specifically exploiting the vulnerability to target Russia.

In conclusion, Kaspersky has reported a surge in attacks on industrial control system (ICS) computers in Russia and surrounding countries, and the company has linked it to increased exploitation of a vulnerability affecting a content management system (CMS). The exploited vulnerability, tracked as CVE-2022-27228, affects the ‘Polls, Votes’ module of the Bitrix Site Manager application, and Bitrix24 released patches for it in March 2022. The increase in attacks is primarily due to malicious scripts and phishing pages, and Kaspersky believes it is driven by a surge in the activity of potentially dangerous advertising platforms.

Key Points:
• Kaspersky reported a surge in attacks on ICS computers in Russia and surrounding countries.
• The surge is linked to increased exploitation of a vulnerability affecting a content management system (CMS).
• The exploited vulnerability is tracked as CVE-2022-27228 and was patched by Bitrix24 in March 2022.
• The increase in attacks is primarily due to malicious scripts and phishing pages, and is driven by a surge in the activity of potentially dangerous advertising platforms.
