Publications

18 September 2019

This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.

• Codesys,
• Codesys Runtime,
• vulnerabilities

18 September 2019

This article continues the discussion of research on popular OEM technologies that are implemented in the products of a large number of vendors. Vulnerabilities in such technologies are highly likely to affect the security of many, if not all, products that use them. In some cases, this means hundreds of products that are used in industrial environments and in critical infrastructure facilities. This is the case with CODESYS Runtime, a framework by CODESYS designed for developing and executing industrial control system software.

• Codesys,
• Codesys Runtime,
• vulnerabilities

14 August 2019

The purpose of the IoT Security Maturity Model (IoT SMM) is to help choose protection measures against cyberthreats that correspond to the company’s actual business needs.

• IIC,
• IoT

01 July 2019

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.

• Fibaro,
• Fibaro Home Center,
• IoT

27 March 2019

Main events of the six-month period, vulnerabilities identified in 2018, relevant threats, and statistics from ICS computers protected by Kaspersky products.

• APT,
• automotive,
• phishing,
• ransomware,
• statistics,
• vulnerabilities

24 January 2019

Zebrocy is the name given to a subset of the Sofacy group (aka Fancy Bear, Sednit, APT28, Tsar Team, etc.). GreyEnergy and Zebrocy used the same servers at the same time and attacked the same organization.

• APT,
• GreyEnergy,
• Zebrocy

22 January 2019

The security of products such as IIoT requires special attention. This time, the subject of our research was the ThingsPro Suite, an IIoT gateway and device manager from Moxa.

• IoT,
• Moxa,
• ThingsPro Suite,
• vulnerabilities

17 January 2019

Factors that have a significant effect, now and going forward, on the threat landscape, on the development, implementation, and use of organizational and technical measures to protect industrial facilities, and the main issues associated with ensuring the cybersecurity of industrial enterprises.

• industrial cybersecurity

20 September 2018

The paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.

• RAT,
• RMS,
• statistics,
• TeamViewer

06 September 2018

In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.

• APT,
• phishing,
• RMS,
• TeamViewer,
• vulnerabilities