Publications

18 September 2019

This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.

• Codesys,
• Codesys Runtime,
• vulnerabilities

18 September 2019

This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.

• Codesys,
• Codesys Runtime,
• vulnerabilities

27 March 2019

Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.

• APT,
• automotive,
• phishing,
• ransomware,
• statistics,
• vulnerabilities

22 January 2019

The security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.

• IoT,
• Moxa,
• ThingsPro Suite,
• vulnerabilities

06 September 2018

In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.

• APT,
• phishing,
• RMS,
• TeamViewer,
• vulnerabilities

26 March 2018

In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017.

• statistics,
• vulnerabilities,
• WannaCry

22 January 2018

In the past years, the problem of vulnerabilities in industrial automation systems has been becoming increasingly important. The fact that industrial control systems have been developing in parallel with IT systems, relatively independently and often without regard for modern secure coding practices is probably the main source of ICS security problems.

• Gemalto,
• SafeNet,
• vulnerabilities

15 November 2017

Critical vulnerabilities that have recently been identified in the WPA2 protocol enable threat actors to carry out Man-in-the-Middle (MitM) attacks and force devices connected to the network to reinstall encryption keys that protect traffic. These vulnerabilities can be used, among other things, to implement attacks on industrial automation systems.

• 802.11,
• KRACK,
• vulnerabilities,
• Wi-Fi,
• WPA2

19 June 2017

This article is devoted to vulnerabilities in General Electric products. The article looks only at known vulnerabilities, a list of which was prepared based using the MITRE CVE database. All the vulnerabilities in question were uncovered in 2012 – 2016.

• General Electric,
• statistics,
• vulnerabilities

28 March 2017

The Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) is starting a series of regular publications about our research devoted to the threat landscape for industrial organizations.

• APT,
• industrial cybersecurity,
• phishing,
• statistics,
• vulnerabilities