Industrial threats

Now, this unique year presents us with a new surprise: the second SAS in one calendar year! Once again, everyone can visit this online event.

Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. The internet, removable media and email continue to be the main sources of threats in the ICS environment.

As an incident response service provider, Kaspersky delivers a global service that results in a global visibility of adversaries’ cyber-incident tactics and techniques on the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019.

With the dramatic increase in the amount and transfer speed of connected devices, comes natural expansion and amplification of the threats. The evolution, development, and connectivity of numerous systems within 5G opens the door for numerous threats.

In this report, we will discuss the numerous information security issues affecting biometric authentication systems and present the results of our own research, to provide additional information for a more objective evaluation of risks associated with using existing biometric authentication system implementations.

This report contains the results of the Managed Detection and Response (MDR) service. The MDR service provides managed threat hunting and initial incident response.

We decided to study the live threats to building-based automation systems and to see what malware their owners encountered in the first six months of 2019.

This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers.

Kaspersky Lab ICS CERT team publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2018.

We have identified an overlap between GreyEnergy, which is believed to be a successor to BlackEnergy group, and a Sofacy subset called “Zebrocy”. Both used the same servers at the same time and targeted the same organization.

All too often, both rely on manipulating human psychology as a way of compromising entire systems or individual computers. Increasingly, the devices targeted also include those that we don’t consider to be computers – from children’s toys to security cameras. Here is our annual round-up of major incidents and key trends from 2018

It should therefore come as no surprise that our predictions from last year are still linked to currently unfolding trends. And while the fog has yet to clear, we decided to focus on the major problems that will affect the work of professionals involved into the industry, in 2019.

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors had used RATs to attack industrial organizations.

In this report, Kaspersky Lab ICS CERT publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018.

Each year, Kaspersky Lab’s Security Services department carries out dozens of cybersecurity assessment projects for companies worldwide. In this publication, we present a general summary and statistics for the cybersecurity assessments we have conducted of corporate information systems throughout 2017.