Industrial threats – Page 2

Focus on DroxiDat/SystemBC

Posted on August 10, 2023 by Kurt Baumgartner

An unknown actor targeted an electric utility in southern Africa with Cobalt Strike beacons and DroxiDat, a new variant of the SystemBC payload. We speculate that this incident was in the initial stages of a ransomware attack. Continue reading Focus on DroxiDat/SystemBC→

Common TTPs of attacks against industrial organizations

Posted on August 10, 2023 by Kirill Kruglov, Vyacheslav Kopeytsev, Artem Snegirev

In 2022 we investigated a series of attacks against industrial organizations in Eastern Europe. In the campaigns, the attackers aimed to establish a permanent channel for data exfiltration, including data stored on air-gapped systems. Continue reading Common TTPs of attacks against industrial organizations→

The nature of cyberincidents in 2022

Posted on May 16, 2023 by Kaspersky GERT, Kaspersky Security Services

Kaspersky Incident Response report for 2022: incident response statistics, key trends and conclusions, expert recommendations. Continue reading The nature of cyberincidents in 2022→

Managed Detection and Response in 2022

Posted on May 2, 2023 by Kaspersky Security Services

Managed Detection and Response in 2022: number and severity of incidents, detection rate, breakdown by country and industry, data on cyberattacks in different regions. Continue reading Managed Detection and Response in 2022→

Threat landscape for industrial automation systems for H2 2022

Posted on March 6, 2023 by Kaspersky ICS CERT

In H2 2022, the percentage of ICS computers on which malicious objects were blocked increased by 3.5 percentage points compared to the previous six-month period, reaching 34.3%. Continue reading Threat landscape for industrial automation systems for H2 2022→

Reassessing cyberwarfare. Lessons learned in 2022

Posted on December 14, 2022 by GReAT, Kaspersky ICS CERT

In this report, we propose to go over the various activities that were observed in cyberspace in relation to the conflict in Ukraine, understand their meaning in the context of the current conflict, and study their impact on the cybersecurity field as a whole. Continue reading Reassessing cyberwarfare. Lessons learned in 2022→

ICS cyberthreats in 2023 – what to expect

Posted on November 22, 2022 by Evgeny Goncharov

The coming year looks to be much more complicated. In the post we share some of our thoughts on potential developments of 2023, though we cannot claim to be providing either a complete picture or a high degree of precision. Continue reading ICS cyberthreats in 2023 – what to expect→

IT threat evolution Q3 2022

Posted on November 18, 2022 by David Emm

Recent APT campaigns, a sophisticated UEFI rootkit, new ransomware for Windows, Linux and ESXi, attacks on foreign and crypto-currency exchanges, and malicious packages in online code repositories. Continue reading IT threat evolution Q3 2022→

The secrets of Schneider Electric’s UMAS protocol

Posted on September 29, 2022 by Kaspersky ICS CERT

Kaspersky ICS CERT report on vulnerabilities in Schneider Electric’s engineering software that enables UMAS protocol abuse. Continue reading The secrets of Schneider Electric’s UMAS protocol→

Threat landscape for industrial automation systems for H1 2022

Posted on September 8, 2022 by Kaspersky ICS CERT

H1 2022 in numbers Geography In H1 2022, malicious objects were blocked at least once on 31.8% of ICS computers globally. Percentage of ICS computers on which malicious objects were blocked For the first time in five years of observations, the lowest percentage in the ‎first half of the year was observed in March.‎ During Continue reading Threat landscape for industrial automation systems for H1 2022→