02 December 2020
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
05 November 2020
Attacks on industrial enterprises using RMS and TeamViewer: new data
The attacks use remote administration utilities whose graphical user interface is hidden by the malware, enabling the attackers to control the infected system without the user’s knowledge.
19 October 2020
Practical example of fuzzing OPC UA applications
We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.
13 October 2020
What it feels like for a turbine
The goal of the article is to raise awareness of the security of Distributed Control Systems (DCS) and to propose an assessment methodology and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.
08 October 2020
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.
24 September 2020
Threat landscape for industrial automation systems. H1 2020
The percentage of computers attacked globally is decreasing. At the same time, threats are becoming more localized, more focused, and, as a result, more diverse and sophisticated.
15 September 2020
The State of Industrial Cybersecurity 2020
In 2020, ARC Advisory Group, on behalf of Kaspersky, conducted a survey on the state of industrial cybersecurity, as well as the current priorities and challenges of industrial organizations. More than 330 industrial companies and organizations across the globe were surveyed online, and 10 industry representatives were interviewed at trade fairs and ARC forums worldwide.
31 August 2020
Cyberthreats for ICS in Energy in Europe. Q1 2020
In Q1 2020 in Europe, Kaspersky products were triggered on 20.4% of ICS computers in the energy sector. A total of 1,485 malware modifications from 633 different families were blocked.
17 June 2020
Steganography in attacks on industrial enterprises (updated)
Kaspersky ICS CERT has identified a series of attacks targeting, among others, organizations in various industrial sectors. Victims include suppliers of equipment and software for industrial enterprises.
30 April 2020
Overview of recommendations on organizing secure remote work for critical infrastructure and other facilities
Do security issues associated with working remotely affect critical infrastructure enterprises? Should organizations take additional protective measures? A view of regulators in the area of information security.
13 June 2018
Multiple vulnerabilities in U.motion Builder
Multiple remote code execution vulnerabilities have been corrected in Schneider Electric’s U.motion Builder. Fixes for the vulnerabilities have been included in version 1.3.4 of the solution.
09 June 2018
Serious vulnerability in RSLinx Classic and FactoryTalk Linx Gateway by Rockwell Automation
A serious vulnerability has been identified in Rockwell Automation solutions for industrial networks RSLinx Classic and FactoryTalk Linx Gateway.
05 June 2018
Critical vulnerability in Yokogawa STARDOM controllers
Hardcoded credentials have been identified in Yokogawa STARDOM controllers, potentially leading to remote execution of arbitrary code on affected devices.
29 May 2018
Multiple vulnerabilities in Schneider Electric Floating License Manager
Dangerous vulnerabilities have been identified in the Schneider Electric Floating License Manager platform.
28 May 2018
VPNFilter malware can be used to detect SCADA equipment
Cisco Talos researchers have detected new malware, which has been dubbed VPNFilter. To date, the malware has infected at least 500,000 routers and network-attached storage (NAS) devices in 54 countries of the world.
28 May 2018
Serious vulnerabilities in TELEM-GW6/GWM data concentrators
Vulnerabilities in Martem TELEM-GW6/GWM data concentrators could enable remote attackers to gain control of the industrial process, cause denial of service and execute arbitrary code.
23 May 2018
Serious vulnerability fixed in PACSystems industrial controllers
A serious improper data validation vulnerability has been closed in some models of PACSystems industrial controllers. Exploitation of the vulnerability could cause affected devices to malfunction.
23 May 2018
Dangerous vulnerabilities identified in FL SWITCH industrial Ethernet switches
Critical vulnerabilities have been identified in FL SWITCH series 3xxx, 4xxx and 48xxx industrial Ethernet switches. Updating the firmware of the switches to version 1.34 or higher is recommended to eliminate these vulnerabilities.
22 May 2018
OPC Foundation Consortium comments on Kaspersky Lab’s OPC UA security analysis report
The OPC Foundation has published an official response to Kaspersky Lab’s analysis.
18 May 2018
DoS vulnerability in SIMATIC S7-400 controllers
A hardware vulnerability in SIMATIC S7-400 CPUs could cause denial-of-service conditions of affected PLCs. Exploitation of the vulnerability does not require user interaction or any privileges.