Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
APT attacks on industrial organizations in H1 2021
This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
Threat landscape for industrial automation systems. Statistics for H1 2021
In H1 2021, the percentage of ICS computers on which malicious objects were blocked was 33.8%, which was 0.4 p.p. more than in H2 2020.
DarkChronicles: the consequences of the Colonial Pipeline attack
This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
APT attacks on industrial companies in 2020
Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations.
Threat landscape for industrial automation systems. Statistics for H2 2020
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Threat landscape for the ICS engineering and integration sector. 2020
The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.