Filter
24 January 2019
GreyEnergy’s overlap with ZebrocyZebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.
22 January 2019
Security research: ThingsPro Suite – IIoT gateway and device manager by MoxaThe security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.
17 January 2019
Challenges of industrial cybersecurityFactors that have a significant effect, now and going forward, on the threat landscape, on the development, implementation, and use of organizational and technical measures to protect industrial facilities, and the main issues associated with ensuring the cybersecurity of industrial enterprises.
20 September 2018
Threats posed by using RATs in ICSThe paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.
06 September 2018
Threat landscape for industrial automation systems: H1 2018In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
01 August 2018
Attacks on industrial enterprises using RMS and TeamViewerThe malware used in these attacks installs legitimate remote administration software – TeamViewer or RMS – on the system. This enables the attackers to gain remote control of infected systems.
28 June 2018
The State of Industrial Cybersecurity 2018: findings of joint survey by Kaspersky Lab and PACKaspersky Lab has published the results of The State of Industrial Cybersecurity study carried out in collaboration with PAC, a CXP Group Company, and based on a survey of 320 professionals representing companies from such sectors as manufacturing and industrial production, energy, mining, transport, and logistics.
10 May 2018
OPC UA security analysisThis paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to problems associated with using such widely available technologies, which turned out to be quite common.
23 April 2018
Energetic Bear / Crouching Yeti: attacks on serversThis report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the group. The report also includes the findings of an analysis of several webservers compromised by the Energetic Bear group during 2016 and in early 2017.
26 March 2018
Threat Landscape for Industrial Automation Systems in H2 2017In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017.
Filter
11 September 2018
Buffer overflow vulnerabilities in industrial automation products by Opto22The vulnerability affects PAC Control Basic and PAC Control Professional version R10.0а and earlier and could allow arbitrary code execution
31 August 2018
Vulnerabilities in Schneider Electric industrial devicesNew vulnerabilities have been identified in Schneider Electric PM5560 power meter and Modicon M221 logic controller
22 August 2018
Princeton University researchers: causing power outages with IoT botnetA study has been published on the ways in which high-wattage smart devices could be used in attacks on the power grid
22 August 2018
Multiple vulnerabilities in Emerson DeltaV DCS industrial workstationsCritical vulnerabilities in industrial PCs used by Emerson’s DeltaV distributed control system could allow arbitrary code execution, malware injection or malware propagation to other workstations
06 August 2018
APT group called RASPITE attacks industrial enterprisesDragos has published information on a newly-identified APT group, which it calls RASPITE. According to Dragos, the group's activity overlaps significantly with that of Leafminer, a group identified earlier by Symantec
06 August 2018
The Third Specialized Conference “IT Security for Industrial Systems” in FrankfurtOn November 12 – 13 the Third Specialized Conference “IT Security for Industrial Systems” will be held in Frankfurt.
03 August 2018
Critical vulnerabilities in WECON LeviStudioUBuffer overflow vulnerabilities in WECON LeviStudioU could allow remote code execution.
24 July 2018
Buffer overflow vulnerabilities in AVEVA HMI solutionsVulnerabilities in HMI solutions InduSoft Web Studio, InTouch Machine Edition and InTouch could allow remote code execution and cause systems to be compromised
23 July 2018
Dangerous vulnerability fixed in Moxa NPort serial network interface devicesA vulnerability in Moxa NPort 5210, 5230 and 5232 devices could allow a remote attacker to cause a resource exhaustion condition
19 July 2018
Dangerous vulnerability identified in ABB Panel Builder 800 engineering softwareA vulnerability in Panel Builder 800 engineering software installed on ABB Panel 800 HMI devices could enable attackers to plant and execute arbitrary code on affected devices
Filter