Reports

This section presents an overview of threats related to ransomware activity against municipal institutions, industrial enterprises and critical infrastructure facilities.

The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.

In 2019, Kaspersky ICS CERT identified 103 vulnerabilities in industrial, IIoT/IoT, and other types of solutions.

The analysis of vulnerabilities was performed based on vendor advisories, publicly available information from open vulnerability databases (US ICS-CERT, CVE, Siemens Product CERT), as well as the results of Kaspersky ICS CERT’s own research.

In February 2019, researchers from the 360 Threat Intelligence Center reported continuing targeted attacks on Colombian government institutions and large companies in the financial sector, petroleum industry, manufacturing and other sectors.

We found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently named this operation WildPressure.

Biometric data processing and storage Threats blocked on biometric data processing and storage systems Research focus Reporting period One third of systems under threat Threat sources Most dangerous Conclusion Initially, digital biometric data processing systems were used primarily by government agencies and special services (police, customs, etc.). However, the rapid evolution of information technology has...

Preparing for the research System description Possible attack vectors Objects of research Prior research Research findings LibVNC TightVNC TurboVNC UltraVNC CVE-2018-15361 CVE-2019-8262 Conclusion   In this article, we discuss the findings of research which covered several different implementations of a remote access system called Virtual Network Computing (VNC). As a result of this research, we...

This report includes some of the findings we arrived at while analyzing statistics on the threats blocked in H1 2019, which, we believe, could be important for a wide range of our readers. The report includes descriptions of dangerous threats, as well as some suggestions, which we believe to be valid, on vectors possibly used by malware to penetrate ICS computers.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.