Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
SunBurst industrial victims
We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Attacks on industrial enterprises using RMS and TeamViewer: new data
This report in a nutshell Technical Analysis Spreading Malware Features Infrastructure Victims Attribution Conclusions. Recommendations Appendix I – Indicators of Compromise Appendix II – MITRE ATT&CK Mapping In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the...
Practical example of fuzzing OPC UA applications
We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.
What it feels like for a turbine
The goal of the article is to raise awareness on security of Distributed Control Systems (DCS), propose a methodology for assessment, and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In Summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.
Threat landscape for industrial automation systems. H1 2020
Contents H1 2020 Report at a glance Overall downward trend for percentages of attacked computers globally Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious...
The State of Industrial Cybersecurity 2020
In 2020 ARC Advisory Group on behalf of Kaspersky conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide....
Cyberthreats for ICS in Energy in Europe. Q1 2020
Object of research Computers in European countries which are used to configure, maintain and control equipment in the energy industry on which Kaspersky products are installed. This includes Windows computers on which various software packages for the energy industry are installed, including but not limited to human-machine interface (HMI), OPC gateway, engineering, control and data...