29 March 2021
APT attacks on industrial companies in 2020Overview of APT attacks on industrial enterprises information on which was published in 2020.
Filter
25 March 2021
Threat landscape for industrial automation systems. Statistics for H2 2020The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
17 March 2021
Threat landscape for the ICS engineering and integration sector. 2020The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
25 February 2021
Lazarus targets defense industry with ThreatNeedleIn mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
26 January 2021
SunBurst industrial victimsHow many industrial organizations had installed backdoored SolarWinds versions? We present the results of our analysis.
02 December 2020
ICS threat predictions for 2021We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
05 November 2020
Attacks on industrial enterprises using RMS and TeamViewer: new dataThe attacks use remote administration utilities whose graphical user interface is hidden by the malware, enabling the attackers to control the infected system without the user’s knowledge.
19 October 2020
Practical example of fuzzing OPC UA applicationsWe continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.
13 October 2020
What it feels like for a turbineThe goal of the article is to raise awareness on security of Distributed Control Systems (DCS), propose a methodology for assessment, and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.
08 October 2020
MontysThree: Industrial espionage with steganography and a Russian accent on both sidesIn Summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018.
Filter
20 May 2019
Critical vulnerabilities identified by Kaspersky Lab have been corrected in Siemens SIMATIC WinCC and SIMATIC PCS 7Multiple vulnerabilities could lead to arbitrary code and command execution on a target system and a denial-of-service condition
22 March 2019
Metallurgical giant Norsk Hydro attacked by encrypting malwareOn March 19 2019 Norsk Hydro, one of the world’s largest aluminum producers revealed that ransomware had been used in an attack against them.
15 January 2019
Vulnerabilities in Schneider Electric industrial solutionsCritical and severe vulnerabilities have been identified in GP-Pro EX programming environment, Zelio Soft software and IIoT Monitor platform
14 December 2018
Critical vulnerabilities in Siemens SINUMERIK controllersExploitation of vulnerabilities in Siemens SINUMERIK controllers cold allow remote code execution, privilege escalation and device denial-of-service conditions
11 December 2018
IoT Security in the ‘Smart Manufacturing’ world: a new study by ENISAENISA has released a new study: “Good Practices for Security of Internet of Things in the context of Smart Manufacturing. Kaspersky Lab ICS CERT experts contributed to the study.
23 November 2018
Critical vulnerability in Modicon M221 PLCA critical vulnerability in Modicon M221 PLC could allow attackers to intercept traffic by remotely changing IPv4 parameters
16 November 2018
Web vulnerabilities in Siemens SIMATIC operator panelsThe most serious of the vulnerabilities could allow arbitrary files to be downloaded from the device
16 November 2018
Vulnerabilities in Siemens industrial productsThe most dangerous of the vulnerabilities affect the SIMATIC S7-400 CPU family and the SIMATIC IT Production Suite software package. The vulnerabilities have been fixed for most of the affected products
08 November 2018
Schneider Electric has fixed a vulnerability in SESU softwareThe vulnerability affects the Schneider Electric Software Update (SESU) tool, which is used to notify users when updated Schneider Electric software is available
08 November 2018
Critical vulnerabilities in CirCarLife electric vehicle chargersSuccessful exploitation of these vulnerabilities could allow a remote attacker to retrieve credentials to bypass authentication, and to access critical information
Filter