20 September 2018
Threats posed by using RATs in ICSThe paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.
Filter
06 September 2018
Threat landscape for industrial automation systems: H1 2018In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
01 August 2018
Attacks on industrial enterprises using RMS and TeamViewerThe malware used in these attacks installs legitimate remote administration software – TeamViewer or RMS – on the system. This enables the attackers to gain remote control of infected systems.
28 June 2018
The State of Industrial Cybersecurity 2018: findings of joint survey by Kaspersky Lab and PACKaspersky Lab has published the results of The State of Industrial Cybersecurity study carried out in collaboration with PAC, a CXP Group Company, and based on a survey of 320 professionals representing companies from such sectors as manufacturing and industrial production, energy, mining, transport, and logistics.
10 May 2018
OPC UA security analysisThis paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems associated with using such widely available technologies, which turned out to be quite common.
23 April 2018
Energetic Bear / Crouching Yeti: attacks on serversThis report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the group. The report also includes the findings of an analysis of several webservers compromised by the Energetic Bear group during 2016 and in early 2017.
26 March 2018
Threat Landscape for Industrial Automation Systems in H2 2017In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017.
12 March 2018
Somebody’s watching! When cameras are more than just ‘smart’The researchers at Kaspersky Lab ICS CERT decided to check the popular smart camera to see how well protected it is against cyber abuses.
28 February 2018
IoT hack: how to break a smart home… againThere can never be too many IoT gadgets – that’s what people usually think when buying yet another connected device with advanced functionality. From our perspective, we also think there can’t be too many IoT investigations.
07 February 2018
Gas is too expensive? Let’s make it cheap!A few months ago, while undertaking unrelated research into online connected devices, we uncovered something surprising and realized almost immediately that we could be looking at a critical security threat.
Filter
29 January 2018
Vulnerability in Nari PCS-9611 relaysAn improper input validation vulnerability has been identified in the Nari PCS-9611 protection relay. Although an exploit for the vulnerability exists, the vendor has so far not commented on the problem.
12 January 2018
Industrial solutions may be affected by Spectre and Meltdown vulnerabilitiesVulnerabilities in Intel, ARM64 and AMD processors allow unauthorized access to virtual memory contents. Vulnerable devices include industrial equipment.
19 December 2017
Serious vulnerabilities identified in Palo Alto firewallsAttackers can take advantage of vulnerabilities in the PAN-OS management interface to execute arbitrary code with superuser privileges.
18 December 2017
TRITON attack. Comment by Kaspersky Lab ICS CERT expertThe TRITON attack demonstrates an important property of attacks on industrial enterprises: they may show no signs of malicious computer activity.
14 December 2017
The brief awakening of the Satori botnetThe Satori botnet has used embedded exploits to attack ports 37215 and 52869. After reaching the size of 280,000 active bots, the botnet has suddenly folded its operations.
05 December 2017
Dnsmasq Vulnerabilities Affect Siemens SCALANCE SolutionsSiemens SCALANCE industrial solutions are affected by Dnsmasq vulnerabilities. An attacker could be able to execute arbitrary code or conduct a DoS attack.
04 December 2017
New Mirai VariantA new variant of the Mirai malware infects vulnerable ZyXEL devices, making them part of a botnet.
04 December 2017
Vulnerabilities in Siemens SWT 3000 DevicesVulnerabilities in Siemens SWT 3000, a system used in the energy sector, allow attackers to gain access to sensitive information, circumvent authentication and conduct a DoS attack.
24 November 2017
Intel Releases Updates to Close ME, SPS and TXE VulnerabilitiesSerious vulnerabilities have been found in Intel processors. These flaws also affect industrial equipment. Intel has released the relevant updates and equipment vendors now need to integrate them into their products.
24 November 2017
Siemens Industrial Solutions Are Vulnerable to Denial-of-Service AttacksSiemens has announced that some of its industrial solutions are vulnerable to DoS attacks. Vulnerable devices include industrial controllers, field devices and shop floor automation systems.
Filter