31 July 2023
Common TTPs of attacks against industrial organizations. Implants for gathering data
This part of the research is devoted to second stage malware used to gather data on infected systems of industrial organizations.
20 July 2023
Common TTPs of attacks against industrial organizations. Implants for remote access
In this article (which is the first part of the report) we analyze common TTPs of implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations.
24 March 2023
APT attacks on industrial organizations in H2 2022
This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
15 March 2023
H2 2022 – brief overview of main incidents in industrial cybersecurity
In this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.
06 March 2023
Threat landscape for industrial automation systems. Statistics for H2 2022
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
22 November 2022
ICS cyberthreats in 2023 – what to expect
Cybersecurity incidents were plentiful in 2022, causing many problems for industrial infrastructure owners and operators. Below we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision.
20 October 2022
Digital twins and ensuring the cybersecurity of enterprises. Oil and gas industry
In modern technology-intensive production, IT and large-scale digitalization, and therefore new cybersecurity technologies, are essential to remaining competitive, reducing costs associated with maintaining the existing infrastructure, and increasing net profits.
29 September 2022
The secrets of Schneider Electric’s UMAS protocol
The UMAS protocol, in its implementation prior to the version in which the CVE-2021-22779 vulnerability was fixed, had significant shortcomings that had a critical effect on the security of control systems based on Schneider Electric controllers.
08 September 2022
H1 2022 – a brief overview of the main incidents in industrial cybersecurity
Events in the cybersecurity world, including ICS, were intense in H1 2022.
08 September 2022
Threat landscape for industrial automation systems. Statistics for H1 2022
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
03 April 2020
Threat actor behind Ryuk malware continues attacks on medical facilities despite epidemic
In the past month, 10 more hospitals have fallen victim to Ryuk attacks in the US.
17 January 2020
Ransomware attack on Picanol paralyzes production at plants in Belgium, Romania, and China
The company has been forced to stop its operations almost completely. Production recovery will take at least a week.
10 January 2020
Dustman wiper attack on Bapco oil company
Dustman is an upgraded version of the ZeroCleare wiper. The attack exploited a vulnerability in VPN appliances.
30 December 2019
Ryuk ransomware attacks unnamed US maritime transportation facility
The infection affected the facility’s corporate network and industrial control systems that control cargo transfer. The primary operations of the facility were shut down for over 30 hours.
24 December 2019
German cities under attack by Emotet botnet
Emotet was distributed via phishing emails and was used to deploy ransomware.
20 December 2019
Multiple vulnerabilities in WAGO PLCs
Nine vulnerabilities have been identified in WAGO PFC200 and PFC100 PLCs. They could lead to arbitrary code execution or cause denial of service.
20 December 2019
More ransomware attacks
Victims of the latest attacks include Pensacola and New Orleans city administrations in the US and a hospital in Benešov (Czech Republic).
19 December 2019
Multiple vulnerabilities in Modicon controllers
If exploited, the vulnerabilities could result in denial of service. They can be fixed by updating device firmware.
18 December 2019
Multiple vulnerabilities in SPPA-T3000 components
Vulnerabilities have been identified in SPPA-T3000 Application Server and MS3000 Migration Server. Some of the faults are critical and could allow attackers to execute arbitrary code on the server.
17 December 2019
Multiple vulnerabilities in Siemens products
Vulnerable solutions include SiNVR 3, XHQ Operations Intelligence, RUGGEDCOM ROS, and Siemens EN100.