Category: Industrial threats

JavaScript, Social Engineering, Security Feeds, Industrial threats, Featured, Targeted Attacks, Spear Phishing, RAT Trojan, Russian-speaking cybercrime

Attacks on industrial enterprises using RMS and TeamViewer: new data

Executive Summary: In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in an article entitled “Attacks on industrial enterprises using RMS and TeamViewer”, but recent data shows that the attackers have modified their attack techniques and that the number of enterprises facing the…

Security Feeds, Malware Descriptions, Industrial threats, APT reports, Featured, Targeted Attacks, Russian-speaking cybercrime

MontysThree: Industrial espionage with steganography and a Russian accent on both sides

In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at the level of code, infrastructure or TTPs. To date, we consider this toolset and the actor behind it to be new. The malware authors named the toolset “MT3”; following…

Security Feeds, Industrial threats, Internet of Things, Featured, Targeted Attacks, Digital Forensics, Security conference

SAS@Home is back this fall

The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited us in the early spring, when the organizing team of the beloved SAS conference were forced to announce that the event would be postponed to the fall. Later, another difficult but correct decision was made: to cancel the SAS conference altogether this year. At the same time, it was the pandemic that gave…

Security Feeds, APT, Industrial threats, Vulnerabilities and exploits, Vulnerability Statistics

Threat landscape for industrial automation systems. H1 2020 highlights

Overall downward trend for percentages of attacked computers globally: Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious objects were blocked has decreased by 6.6 percentage points to 32.6%. The number was highest in Algeria (58.1%), and lowest in Switzerland (12.7%). Despite the overall tendency for the percentages of attacked computers to decrease, we…

Security Feeds, Industrial threats, Publications, Featured, Vulnerabilities and exploits, Data leaks, Malicious spam, Medical threats, Money theft

Incident Response Analyst Report 2019

As an incident response service provider, Kaspersky delivers a global service that results in global visibility of adversaries’ cyber-incident tactics and techniques used in the wild. In this report, we share our teams’ conclusions and analysis based on incident responses and statistics from 2019. As well as a range of highlights, this report will cover the affected industries, the most widespread attack tactics and techniques, how long it took to detect and stop adversaries after initial entry and the most…

Security Feeds, Malware Descriptions, Industrial threats, APT reports, Featured, Targeted Attacks, sinkholing

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have we seen any target intersections. In fact, we found just three almost unique samples, all in one country. So we consider the attacks to be targeted and have currently…

Security Feeds, Industrial threats, Malware Statistics, Publications, Featured, Targeted Attacks, Security technology, Antivirus Technologies

Managed Detection and Response analytics report, H1 2019

Introduction: This report contains the results of the Managed Detection and Response (MDR) service (brand name – Kaspersky Managed Protection). The MDR service provides managed threat hunting and initial incident response. Threat hunting is the practice of iteratively searching through data collected from sensors (referenced as telemetry or events) in order to detect threats that successfully evade automatic security solutions. A brief description of the service is provided at the end of this document. The MDR service processes security operations…

Security Feeds, Industrial threats, Industrial control systems, Malware Statistics, Internet of Things

Threat landscape for smart buildings

The Kaspersky Industrial Cybersecurity Conference 2019 takes place this week in Sochi, the seventh such conference dedicated to the problems of industrial cybersecurity. Among other things, the conference will address the security of automation systems in buildings — industrial versions of the now common smart home. Typically, such a system consists of various sensors and controllers to manage elevators, ventilation, heating, lighting, electricity, water supply, video surveillance, alarm systems, fire extinguishing systems, etc.; it also includes servers that manage the controllers, as well as…

Security Feeds, APT, Industrial threats, Malware Statistics, Publications, Financial malware, Featured, Vulnerabilities and exploits, DDoS-attacks, Trojan Banker, Spam Letters, Money theft

Incident Response report 2018

Introduction: This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers. The report includes statistics on how companies reveal data breaches and compromises, the attack vectors most commonly used by adversaries, how long they remain inside a company’s infrastructure and much more. We also provide some high-level recommendations to improve resilience against such attacks. The data used in this report comes…