DarkChronicles: the consequences of the Colonial Pipeline attack
This article began as an overview of the Colonial Pipeline incident. However, the events unfolded so rapidly that the scope of the publication has gone beyond a single incident.
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
An incident investigation conducted by Kaspersky ICS CERT experts at one of the attacked enterprises revealed that attacks of the Cring ransomware exploit a vulnerability in FortiGate VPN servers.
APT attacks on industrial companies in 2020
Since 2018, Kaspersky ICS CERT has published annual summaries of advanced persistent threat (APT) activity targeting industrial-related organizations.
Threat landscape for industrial automation systems. Statistics for H2 2020
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
Threat landscape for the ICS engineering and integration sector. 2020
The threat landscape for computers in the ICS engineering and integration sector varies depending on a computer’s environment, including its geographical location, ability to access external networks and services, and user behavior.
Lazarus targets defense industry with ThreatNeedle
In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.
SunBurst industrial victims
We were specifically interested in analyzing how many industrial organizations used backdoored SolarWinds versions and fell victim to the attack.
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect from cybercriminals in 2021.
Attacks on industrial enterprises using RMS and TeamViewer: new data
This report in a nutshell Technical Analysis Spreading Malware Features Infrastructure Victims Attribution Conclusions. Recommendations Appendix I – Indicators of Compromise Appendix II – MITRE ATT&CK Mapping In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the...
Practical example of fuzzing OPC UA applications
We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.