Attacks on industrial enterprises using RMS and TeamViewer: new data

In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another.

Threat landscape for industrial automation systems. H1 2020 highlights

Beginning in H2 2019, we have observed a downward trend in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment.

Biometric data processing and storage system threats

In this report, we will discuss the numerous information security issues affecting biometric authentication systems and present the results of our own research, to provide additional information for a more objective evaluation of risks associated with using existing biometric authentication system implementations.

GreyEnergy’s overlap with Zebrocy

We have identified an overlap between GreyEnergy, which is believed to be a successor to the BlackEnergy group, and a Sofacy subset called “Zebrocy”. Both used the same servers at the same time and targeted the same organization.

Threat predictions for industrial security in 2019

It should therefore come as no surprise that our predictions from last year are still linked to currently unfolding trends. And while the fog has yet to clear, we decided to focus on the major problems that will affect the work of professionals involved in the industry in 2019.

Threats posed by using RATs in ICS

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RATs) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations.

Threat Landscape for Industrial Automation Systems in H1 2018

In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.

Energetic Bear/Crouching Yeti: attacks on servers

This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017.

Threat Landscape for Industrial Automation Systems in H2 2017

Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security.