Reports

Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks

07 April 2021

An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that Cring ransomware attacks exploit a vulnerability in FortiGate VPN servers.

APT attacks on industrial companies in 2020

29 March 2021

Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations.

Threat landscape for industrial automation systems. Statistics for H2 2020

25 March 2021

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

Threat landscape for the ICS engineering and integration sector. 2020

17 March 2021

The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.

Lazarus targets defense industry with ThreatNeedle

25 February 2021

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

SunBurst industrial victims

26 January 2021

We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.

ICS threat predictions for 2021

02 December 2020

We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.

Attacks on industrial enterprises using RMS and TeamViewer: new data

05 November 2020

In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the...

Practical example of fuzzing OPC UA applications

19 October 2020

We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libFuzzer.

What it feels like for a turbine

13 October 2020

The goal of the article is to raise awareness of the security of Distributed Control Systems (DCS) and to propose an assessment methodology and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.