Threat landscape for industrial automation systems. H2 2018

27 March 2019

Key Events – H2 2018; APT attacks on industrial targets; APT attack by the Leafminer group; New GreyEnergy malware; The Sharpshooter campaign; MuddyWater; Cloud Hopper; Shamoon v.3; Cybercrime Activity; Ransomware attacks; Phishing attacks on Russian industrial companies; Phishing attacks on enterprises around the world; Vulnerabilities identified in 2018; Vulnerabilities in various ICS components; Number of...
GreyEnergy’s overlap with Zebrocy

24 January 2019

Kaspersky Lab ICS CERT has identified an overlap between GreyEnergy and a Sofacy subset called “Zebrocy”. The Zebrocy activity was named after malware that the Sofacy group began using in mid-November 2015 for the post-exploitation stage of attacks on its victims. Zebrocy’s targets are widely spread across the Middle East, Europe and Asia, and their profiles are mostly government-related.
Security research: ThingsPro Suite – IIoT gateway and device manager by Moxa

22 January 2019

It is obvious that the security of products that are part of the industrial internet of things (IIoT) ecosystem requires special attention. This time, our research focused on ThingsPro Suite – an IIoT gateway and device manager by Moxa.
Challenges of industrial cybersecurity

17 January 2019

The danger posed by cyber-physical technologies to the industrial process and equipment is increasingly acknowledged by specialists working at industrial enterprises, information security researchers and government agencies of most countries.
Threats posed by using RATs in ICS

20 September 2018

The paper provides an analysis of the prevalence of remote administration tools on OT networks and the threats associated with their use.
Threat landscape for industrial automation systems: H1 2018

06 September 2018

In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.
Attacks on industrial enterprises using RMS and TeamViewer

01 August 2018

Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production.
The State of Industrial Cybersecurity 2018: findings of joint survey by Kaspersky Lab and PAC

28 June 2018

Kaspersky Lab has published the results of The State of Industrial Cybersecurity study carried out in collaboration with PAC, a CXP Group Company, and based on a survey of 320 professionals representing companies from such sectors as manufacturing and industrial production, energy, mining, transport, and logistics.
OPC UA security analysis

10 May 2018

This paper discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. In publishing this material, we hope to draw the attention of vendors that develop software for industrial automation systems and the industrial internet of things to the problems associated with using such widely available technologies, problems that turned out to be quite common.
Energetic Bear / Crouching Yeti: attacks on servers

23 April 2018

This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the group. The report also includes the findings of an analysis of several webservers compromised by the Energetic Bear group during 2016 and in early 2017.