Collaborate Disseminate
While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations. Continue reading Threats posed by using RATs in ICS
In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018. Continue reading Threat Landscape for Industrial Automation Systems in H1 2018
Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. Continue reading Attacks on industrial enterprises using RMS and TeamViewer
This article discusses our project that involved searching for vulnerabilities in implementations of the OPC UA protocol. We hope to draw the attention of vendors that develop software for industrial automation systems and the industrial IoT to problems associated with using such widely available technologies. Continue reading OPC UA security analysis
This report by Kaspersky Lab ICS CERT presents information on identified servers that have been infected and used by the Energetic Bear/Crouching Yeti group. The report also includes the findings of an analysis of several webservers compromised by the group during 2016 and in early 2017. Continue reading Energetic Bear/Crouching Yeti: attacks on servers
Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2017. The main objective of these publications is to provide information support to incident response teams, enterprise information security staff and researchers in the area of industrial facility security. Continue reading Threat Landscape for Industrial Automation Systems in H2 2017
We confront hundreds of thousands of new threats every day and we can see that threat actors are on a constant lookout for new attack opportunities. According to our research, connecting a software license management token to a computer may open a hidden remote access channel for an attacker. Continue reading A silver bullet for the attacker
Looking back at a year like 2017 brings the internal conflict of being a security researcher into full view: on the one hand, each new event is an exciting new research avenue for us, as what were once theoretical problems find palpable expression in reality. On the other hand, as people with a heightened concern for the security posture of users at large, each event is a bigger catastrophe. Continue reading Kaspersky Security Bulletin: Threat Predictions for 2018
2017 was one of the most intense in terms of incidents affecting the information security of industrial systems. Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on accidental infections of industrial systems and detected targeted attacks. Continue reading Threat Predictions for Industrial Security in 2018
Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017. Continue reading Threat Landscape for Industrial Automation Systems in H1 2017