Filter
19 January 2022
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networksTargets of spyware attacks in which each malware sample has a limited-scope and a short lifetime include industrial enterprises. Victim organizations’ SMTP services are abused to send phishing emails and collect stolen data.
30 December 2021
Log4Shell at industrial enterprisesAlthough it is still difficult to say to what extent vulnerable ICS systems are exposed to potential attacks, we hope that, unlike IT infrastructures, most vulnerable OT systems cannot accept inputs coming from untrusted sources.
16 December 2021
PseudoManuscrypt: a mass-scale spyware attack campaignKaspersky products blocked PseudoManuscrypt on more than 35,000 computers in 195 countries of the world. Targets of attacks include a significant number of industrial and government organizations, including enterprises in the military-industrial complex and research laboratories.
23 November 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming year.
26 October 2021
APT attacks on industrial organizations in H1 2021This summary provides an overview of APT attacks on industrial enterprises disclosed in H1 2021.
09 September 2021
Threat landscape for industrial automation systems. Statistics for H1 2021The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
21 May 2021
DarkChronicles: the consequences of the Colonial Pipeline attackThis article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
07 April 2021
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacksAn incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
29 March 2021
APT attacks on industrial companies in 2020Overview of APT attacks on industrial enterprises information on which was published in 2020.
25 March 2021
Threat landscape for industrial automation systems. Statistics for H2 2020The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Filter
09 July 2019
New vulnerability in Schneider Electric Modicon PLCsThe vulnerability is due to an improper check for unusual or exceptional conditions and could lead to denial of service
28 June 2019
Multiple vulnerabilities in ABB HMI solutionsThe vulnerabilities affect CP635 and CP651 control panels and PB610 Panel Builder 600
28 June 2019
Critical vulnerability in SICK MSC800 PLCThe vulnerability is caused by the use of hard-coded credentials
28 June 2019
Multiple vulnerabilities in Advantech WebAccess/SCADAThe vulnerabilities could lead to the disclosure of important information, deletion of files and remote code execution
24 June 2019
Vulnerabilities in Phoenix Contact’s Automation Worx Software SuiteSuccessful exploitations of the vulnerabilities could lead to remote execution of arbitrary code
17 June 2019
Critical vulnerabilities in WAGO industrial switchesExploitation of the vulnerabilities could allow a remote compromise of the managed switch, resulting in disruption of communication and root access to the operating system
14 June 2019
Ransomware disrupts production at four ASCO Industries plantsA ransomware attack has caused ASCO plants in Belgium, Germany, Canada and the US to suspend their operations. 1000 employees have been placed on a one-week leave
11 June 2019
Dangerous vulnerabilities identified in Phoenix Contact industrial switches and controllersThe vulnerabilities allow attackers to gain unauthorized access to device configuration, decrypt passwords, cause denial of service, or bypass authentication
11 June 2019
Dangerous vulnerability fixed in Cisco Industrial Network DirectorThe vulnerability could be used by an authenticated, remote attacker to execute arbitrary code on devices running vulnerable software
10 June 2019
Multiple vulnerabilities in Optergy Proton/Enterprise building management systemIf successfully exploited, the vulnerabilities could allow an attacker to execute code remotely and gain full system access
Filter