Filter
25 March 2025
Q4 2024 – a brief overview of the main incidents in industrial cybersecurityIn Q4 2024, 107 incidents were publicly confirmed by victims. All of these incidents are included in the table at the end of the overview, with select incidents described in detail. Report at a glance Attacks leading to insolvency Kreisel Manufacturing | Denial of operations, insolvency | Ransomware German bulk material handling company Kreisel GmbH & […]
25 March 2025
APT and financial attacks on industrial organizations in Q4 2024Abusing of Telegram to spy and put pressure on their victims’ employees, notifying the victims by printing messages on printers connected to a compromised network – we publish interesting details of attacks on industrial enterprises disclosed at this quarter.
17 March 2025
Threat landscape for industrial automation systems. Regions, Q4 2024The percentage of ICS computers on which malicious objects were blocked increased in eight regions. Regionally, the percentage ranged from 10.6% in Northern Europe to 31.0% in Africa.
17 March 2025
Threat landscape for industrial automation systems. Q4 2024The percentage of ICS computers on which malicious scripts and phishing pages as well as ransomware were blocked continued to increase.
24 February 2025
Operation SalmonSlalomKaspersky discovered a new attack targeting industrial organizations in APAC
19 February 2025
Q3 2024 – a brief overview of the main incidents in industrial cybersecurityMany large companies, including some well-known brands, affected by cyberattacks. An unusually high number of victims were in critical sectors such as utilities and power and energy.
29 January 2025
Threat predictions for industrial enterprises 2025Kaspersky ICS CERT analyzes industrial threat trends and makes forecasts on how the industrial threat landscape will look in 2025.
26 December 2024
APT and financial attacks on industrial organizations in Q3 2024During the quarter, a number of research papers and technical advisories were published detailing attacks that either targeted or affected organizations in the industrial sector. From our perspective, the following are likely to be the most interesting for researchers and useful for cybersecurity practitioners
25 December 2024
Threat landscape for industrial automation systems. Regions, Q3 2024The percentage of ICS computers on which malicious objects were blocked decreased from the second quarter to 22%. But the figure increased in Africa, South Asia, South-East Asia, the Middle East, Latin America, and East Asia. Regionally, the percentage ranged from 9.7% in Northern Europe to 31.5% in Africa.
25 December 2024
Threat landscape for industrial automation systems. Q3 2024The percentage of ICS computers on which malicious objects were blocked decreased by 1.5 pp from the second quarter to 22%. The biometrics sector led the surveyed industries in terms of this parameter.
Filter
30 May 2023
Why APTs are so successful – stories from IR trenchesDuring IR, while trying to figure out what went wrong, we’ve found numerous issues
12 December 2022
Unusual penetration techniques – in the wild and in Red Team researchI would like to talk about some of the tricks and methods I have seen used to gain that all important initial access to remote systems. Specifically, the unexpected and unusual.
24 May 2022
Draft of the NIST Guide #800-82 – what has changedThe release of the third version of the Guide to Operational Technology (OT) Security, SP 800-82 Rev. 3, is, without a doubt, a milestone. Is the third version as good as the previous ones? What has changed?
20 April 2022
Vulnerability in ICS: assessing the severityOn the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.
31 March 2022
Vulnerabilities in Tekon-Automatics solution: (ir)responsible disclosure and scope of the problemResearcher Jose Bertin described the exploitation of several vulnerabilities in a Tekon-Automatics automation solution. We analyze the real scope of what has happened and offer our take on whether this can be considered ethical vulnerability disclosure.
28 March 2022
Kaspersky’s statement on the FIRST membership suspensionKaspersky ICS CERT received a letter from FIRST, notifying that its membership has been temporarily suspended. Kaspersky is disappointed by this decision and believes that it hurts the international community of experts and the cybersecurity industry as a whole.
31 March 2021
Good old buffer overflowCISA has issued an advisory on a Rockwell Automation MicroLogix 1400 buffer overflow vulnerability
30 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0NAT bypassing techniques recently published by researchers are particularly dangerous for OT networks of industrial enterprises
04 March 2021
More critical vulnerabilities identified in OPC protocol implementationsSolutions that use the OPC family of protocols are affected by multiple vulnerabilities that could lead to equipment failure, remote code execution or leaks of critical data
09 February 2021
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gatewaysThe vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
Filter
As the industrial landscape evolves, so do the threats that accompany it. While many industrial threats may be developing slowly from year to year, subtle changes are reaching a critical mass, poised to reshape the cybersecurity landscape in the near future.
The cooperation between Kaspersky and the TÜV Austria Academy focuses on jointly implementing innovative certified training courses for specialists in information technology and industrial systems. The corresponding contract was signed at the end of November.
The 9th annual Kaspersky Industrial Cybersecurity Conference took place in Sochi on September 8-10.
Kaspersky ICS CERT experts virtually provided ICS Training for Executives
Kaspersky’s mission incorporates education on all levels, including collaborations with universities. As part of this mission, we have been working with the Deggendorf Institute of Technology (DIT) for the past eighteen months.
Beijing, 23-27 December 2019: Kaspersky ICS CERT together with the China Industrial Control Systems Cyber Emergency Response Team (CIC) conducted a training course on digital forensics and incident response in industrial control systems.
October 14 and 15, 2019, Kaspersky ICS CERT experts provided an exclusive two-day training program on applied industrial cybersecurity at the Deggendorf Institute of Technology (DIT) for graduate students specializing in cybersecurity, as well as for 30 students from various DIT courses.
Kaspersky’s seventh international conference dedicated to industrial cybersecurity took place on September 18-20 in Sochi, Russia.
The finals of the Kaspersky Industrial CTF, an industrial cybersecurity contest, were just held in Singapore. The winner is the LC/BC team from Russia
MIT held Cybersecurity Insight, providing presentations, practical workshops and an ICS CTF in partnership with Kaspersky Lab