Filter
18 October 2023
Updated MATA attacks industrial companies in Eastern EuropeKaspersky experts discovered several detections of malware from the MATA cluster, previously attributed to the Lazarus group, compromising defense contractor companies in Eastern Europe.
05 October 2023
H1 2023 – a brief overview of main incidents in industrial cybersecurityIn this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.
25 September 2023
APT and financial attacks on industrial organizations in H1 2023An overview of reports of APT and financial attacks on industrial enterprises, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities
13 September 2023
Threat landscape for industrial automation systems. Statistics for H1 2023The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
10 August 2023
Common TTPs of attacks against industrial organizations. Implants for uploading dataIn this part we present information on the four types of implants and two tools used during the last (third) stage of the attacks discovered.
31 July 2023
Common TTPs of attacks against industrial organizations. Implants for gathering dataThis part of the research is devoted to second stage malware used to gather data on infected systems of industrial organizations.
20 July 2023
Common TTPs of attacks against industrial organizations. Implants for remote accessIn this article (which is the first part of the report) we analyze common TTPs of implants used by threat actors to establish a persistent remote access channel into the infrastructure of industrial organizations.
24 March 2023
APT attacks on industrial organizations in H2 2022This summary provides an overview of APT attacks on industrial enterprises and activity of groups that have been observed attacking industrial organizations and critical infrastructure facilities.
15 March 2023
H2 2022 – brief overview of main incidents in industrial cybersecurityIn this overview, we discuss cybercriminal and hacktivist attacks on industrial organizations.
06 March 2023
Threat landscape for industrial automation systems. Statistics for H2 2022The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Filter
30 May 2023
Why APTs are so successful – stories from IR trenchesDuring IR, while trying to figure out what went wrong, we’ve found numerous issues
12 December 2022
Unusual penetration techniques – in the wild and in Red Team researchI would like to talk about some of the tricks and methods I have seen used to gain that all important initial access to remote systems. Specifically, the unexpected and unusual.
24 May 2022
Draft of the NIST Guide #800-82 – what has changedThe release of the third version of the Guide to Operational Technology (OT) Security, SP 800-82 Rev. 3, is, without a doubt, a milestone. Is the third version as good as the previous ones? What has changed?
20 April 2022
Vulnerability in ICS: assessing the severityOn the last day of March 2022, Claroty (Team82) published an article on two vulnerabilities they had identified in Rockwell Automation products. We believe that the severity of these vulnerabilities has been significantly exaggerated. At the same time, the most dangerous vulnerability in the same products has remained unnoticed.
31 March 2022
Vulnerabilities in Tekon-Automatics solution: (ir)responsible disclosure and scope of the problemResearcher Jose Bertin described the exploitation of several vulnerabilities in a Tekon-Automatics automation solution. We analyze the real scope of what has happened and offer our take on whether this can be considered ethical vulnerability disclosure.
31 March 2021
Good old buffer overflowCISA has issued an advisory on a Rockwell Automation MicroLogix 1400 buffer overflow vulnerability
30 March 2021
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0NAT bypassing techniques recently published by researchers are particularly dangerous for OT networks of industrial enterprises
09 February 2021
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gatewaysThe vendor has published an advisory on vulnerabilities in multifunctional gateway devices designed to integrate different types of sensors and PLCs into industrial environments
02 February 2021
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitMSiemens has released a security alert which describes some cases of SCALANCE X-200/X-200IRT/X-300 switches using hardcoded encryption keys, making them prone to man-in-the-middle attacks
28 January 2021
Cryptographic deadly sins and the security of Modicon M100/M200/M221Weak implementation of cryptographic data protection allows various types of attacks and enables attackers to identify the key in captured traffic
Filter
28 March 2022
Kaspersky’s statement on the FIRST membership suspensionKaspersky ICS CERT received a letter from FIRST, notifying that its membership has been temporarily suspended. Kaspersky is disappointed by this decision and believes that it hurts the international community of experts and the cybersecurity industry as a whole.
04 March 2021
More critical vulnerabilities identified in OPC protocol implementationsSolutions that use the OPC family of protocols are affected by multiple vulnerabilities that could lead to equipment failure, remote code execution or leaks of critical data
05 February 2021
Getting back on Treck: more vulnerabilities in the infamous TCP/IP StackVulnerabilities have been identified in the IPv6 component in the Treck TCP/IP stack implementation. It is recommended that vendors of IoT devices using that implementation issue security advisories.
26 January 2021
Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoTSсhneider Electric has published an advisory on a critical vulnerability in the web server used in TM3 I/O expansion modules
26 January 2021
Critical vulnerability in Schneider Electric HMI configuration softwareThe vulnerability could cause a Windows local user privilege escalation when using EcoStruxure™ Operator Terminal Expert and Pro-face BLUE software and WinGP runtime environment by Schneider Electric.
26 January 2021
A classic that needs updating: fresh vulnerabilities in the software of Siemens SCALANCE X switchesDoS vulnerabilities have been disclosed in the integrated web server of Siemens SCALANCE X-200 / X-200IRT / X-300 switches. Measures proposed by the vendor do not prevent all possible attacks.
23 November 2020
First things first: Kaspersky ICS CERT becomes new member of the global Forum of Incident Response and Security Teams (FIRST)After rigorous assessment, Kaspersky’s Industrial Systems Emergency Response Team (ICS CERT) has officially joined FIRST – the global Forum of Incident Response and Security Teams.
23 November 2020
ENISA publishes guidelines for securing internet of things supply chainThe European Union Agency for Cybersecurity (ENISA) has published its guidelines for securing the internet of things supply chain. Kaspersky ICS CERT experts were among the contributors to the development effort.
18 November 2020
Municipal services at Canadian City of Saint John down due to cyberattackAttack by Ryuk ransomware disrupts nearly all municipal services in Canadian city of Saint John
28 May 2020
Multiple vulnerabilities in EcoStruxure Operator Terminal ExpertVulnerabilities that can lead to unsanctioned account access or remote code execution.