07 April 2021
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that Cring ransomware attacks exploit a vulnerability in FortiGate VPN servers.
29 March 2021
APT attacks on industrial companies in 2020
An overview of APT attacks on industrial enterprises about which information was published in 2020.
25 March 2021
Threat landscape for industrial automation systems. Statistics for H2 2020
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
17 March 2021
Threat landscape for the ICS engineering and integration sector. 2020
The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
25 February 2021
Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
26 January 2021
SunBurst industrial victims
How many industrial organizations had installed backdoored SolarWinds versions? We present the results of our analysis.
02 December 2020
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
05 November 2020
Attacks on industrial enterprises using RMS and TeamViewer: new data
The attacks use remote administration utilities whose graphical user interface is hidden by the malware, enabling the attackers to control the infected system without the user’s knowledge.
19 October 2020
Practical example of fuzzing OPC UA applications
We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libFuzzer.
13 October 2020
What it feels like for a turbine
The goal of the article is to raise awareness of the security of Distributed Control Systems (DCS) and to propose an assessment methodology and a remediation strategy. Defenders are always behind attackers, and this publication is trying to balance things out.