29 January 2025
Threat predictions for industrial enterprises 2025
Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.
26 December 2024
APT and financial attacks on industrial organizations in Q3 2024
During the quarter, a number of research papers and technical advisories were published detailing attacks that either targeted or affected organizations in the industrial sector. From our perspective, the following are likely to be the most interesting for researchers and useful for cybersecurity practitioners
25 December 2024
Threat landscape for industrial automation systems. Regions, Q3 2024
The percentage of ICS computers on which malicious objects were blocked decreased from the second quarter to 22%. But the figure increased in Africa, South Asia, South-East Asia, the Middle East, Latin America, and East Asia. Regionally, the percentage ranged from 9.7% in Northern Europe to 31.5% in Africa.
25 December 2024
Threat landscape for industrial automation systems. Q3 2024
The percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp from the second quarter to 22%. The biometrics sector led the surveyed industries in terms of this parameter.
21 November 2024
Threat landscape for industrial automation systems. Regions, Q2 2024
The global percentage of ICS computers on which malicious objects were blocked decreased from Q1 2024 to 23.5%. But the figure increased in four regions. Regionally, the percentage ranged from 11.3% in Northern Europe to 30% in Africa.
08 November 2024
Q2 2024 – a brief overview of the main incidents in industrial cybersecurity
A total of 35 incidents were confirmed by victims. Half of the attacks reportedly resulted in the denial of IT systems and the denial of operations. There is a case of a company that was unable to recover from the impact of a cyberattack and decided to cease operations.
03 October 2024
APT and financial attacks on industrial organizations in Q2 2024
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
26 September 2024
Threat landscape for industrial automation systems. Q2 2024
In the second quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.9 pp from the previous quarter to 23.5%. Compared to the second quarter of 2023, the percentage decreased by 3.3 pp.
13 June 2024
Cinterion EHS5 3G UMTS/HSPA Module Research
In the course of the modem security analysis, we found seven locally exploited vulnerabilities and one remotely exploited vulnerability. The combination of these vulnerabilities could allow an attacker to gain complete control over the modem.
10 June 2024
APT and financial attacks on industrial organizations in Q1 2024
This summary provides an overview of the reports of APT and financial attacks on industrial enterprises, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
30 May 2023
Why APTs are so successful – stories from IR trenches
During IR, while trying to figure out what went wrong, we’ve found numerous issues
12 December 2022
Unusual penetration techniques – in the wild and in Red Team research
I would like to talk about some of the tricks and methods I have seen used to gain that all important initial access to remote systems. Specifically, the unexpected and unusual.
24 May 2022
Draft of the NIST Guide #800-82 – what has changed
The release of the third version of the Guide to Operational Technology (OT) Security, SP 800-82 Rev. 3, is, without a doubt, a milestone. Is the third version as good as the previous ones? What has changed?
20 April 2022
Vulnerability in ICS: assessing the severity
On the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.
31 March 2022
Vulnerabilities in Tekon-Automatics solution: (ir)responsible disclosure and scope of the problem
Researcher Jose Bertin described the exploitation of several vulnerabilities in a Tekon-Automatics automation solution. We analyze the real scope of what has happened and offer our take on whether this can be considered ethical vulnerability disclosure.
31 March 2021
Good old buffer overflow
CISA has issued an advisory on a Rockwell Automation MicroLogix 1400 buffer overflow vulnerability
30 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
NAT bypassing techniques recently published by researchers are particularly dangerous for OT networks of industrial enterprises
09 February 2021
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways
The vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
02 February 2021
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM
Siemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
28 January 2021
Cryptographic deadly sins and the security of Modicon M100/M200/M221
Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic
As the industrial landscape evolves, so do the threats that accompany it. While many industrial threats may be developing slowly from year to year, subtle changes are reaching a critical mass, poised to reshape the cybersecurity landscape in the near future.
The cooperation between Kaspersky and the TÜV Austria Academy focuses on jointly implementing innovative certified training courses for specialists in information technology and industrial systems. The corresponding contract was signed at the end of November.
The 9th annual Kaspersky Industrial Cybersecurity Conference took place in Sochi on September 8-10.
Kaspersky ICS CERT experts virtually provided ICS Training for Executives
Kaspersky’s mission incorporates education on all levels, including collaborations with universities. As part of this mission, we have been working with the Deggendorf Institute of Technology (DIT) for the past eighteen months.
Beijing, 23-27 December 2019: Kaspersky ICS CERT together with the China Industrial Control Systems Cyber Emergency Response Team (CIC) conducted a training course on digital forensics and incident response in industrial control systems.
October 14 and 15, 2019, Kaspersky ICS CERT experts provided an exclusive two-day training program on applied industrial cybersecurity at the Deggendorf Institute of Technology (DIT) for graduate students specializing in cybersecurity, as well as for 30 students from various DIT courses.
Kaspersky’s seventh international conference dedicated to industrial cybersecurity took place on September 18-20 in Sochi, Russia.
The finals of the Kaspersky Industrial CTF, an industrial cybersecurity contest, were just held in Singapore. The winner is the LC/BC team from Russia
MIT held Cybersecurity Insight, providing presentations, practical workshops and an ICS CTF in partnership with Kaspersky Lab