Industrial Security


  • US Treasury sanctions Russian research institute behind Triton malware

    October 23, 2020

    The US Treasury Department announced sanctions today against a Russian research institute for its role in developing Triton, a malware strain designed to attack industrial equipment. Sanctions were levied today against the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics (also known as CNIIHM or TsNIIKhM). A FireEye report ...

  • MontysThree: Industrial espionage with steganography and a Russian accent on both sides

    October 8, 2020

    In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at ...

  • Threat landscape for industrial automation systems. H1 2020

    September 24, 2020

    Beginning in H2 2019 we have observed a tendency for decreases in the percentages of attacked computers, both in the ICS and in the corporate and personal environments. In H1 2020 the percentage of ICS computers on which malicious objects were blocked has decreased by 6.6 percentage points to 32.6%. The number was highest in Algeria (58.1%), ...

  • A Blind Spot in ICS Security: The Protocol Gateway [Part 3] What ICS Security Administrators can Do

    September 23, 2020

    A protocol gateway is a small network device, also called a “protocol converter” or “IoT gateway.” It is similar to an “interpreter” in the digital word, and acts as a communications intermediary between different protocols. As the integration of networks accelerates with IoT, protocol conversion grows increasingly important. However, the security of protocol gateways has ...

  • Critical Industrial Flaws Pose Patching Headache For Manufacturers

    September 23, 2020

    While patch management already presents challenges for enterprises, it’s even more of a headache for manufacturers and other industrial firms – who may even need to shut down entire factory operations in order to apply fixes. Sharon Brizinov, the principal vulnerability researcher with Claroty, has discovered and reported various security flaws in industrial control systems (ICS), ...

  • Strategic investment to secure smart factories

    September 9, 2020

    Security is undergoing a digital transformation in the manufacturing industry. As the fusion of the cyber world and the physical world progresses, various security issues are mounting. Manufacturing executives must view security as a management issue, not as a system issue. Is cyber security a cost or an investment? Trend Micro has published an ebook that focuses ...

  • Cyberthreats for ICS in Energy in Europe. Q1 2020

    September 4, 2020

    Computers in European countries which are used to configure, maintain and control equipment in the energy industry on which Kaspersky products are installed. This includes Windows computers on which various software packages for the energy industry are installed, including but not limited to human-machine interface (HMI), OPC gateway, engineering, control and data acquisition software. Overall, in ...

  • NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug

    July 24, 2020

    The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S. Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module. These safety instrumented system (SIS) controllers are ...

  • This is how EKANS ransomware is targeting industrial control systems

    July 2, 2020

    New samples of the EKANS ransomware have revealed how today’s cyberattackers are using a variety of methods to compromise key industrial companies. In a research report published on Wednesday, FortiGuard Labs researchers Ben Hunter and Fred Gutierrez said that malware designed to attack industrial control systems (ICS) continues to be lucrative for threat actors. While ransomware only accounted for ...

  • RATicate Group Hits Industrial Firms With Revolving Payloads

    May 15, 2020

    At least six separate campaigns have been tied to RATicate, with the first wave starting November and the most recent spotted in March. All campaigns leveraged Nullsoft Scriptable Install System (NSIS), a legitimate, open-source tool used to create Windows installers, to ultimately drop various remote access trojans (RATs) on victims’ systems. More recently, “a new campaign ...

  • Threats and Consequences A Security Analysis of Smart Manufacturing Systems

    May 11, 2020

    In the era of Industry 4.0, there has been increasing adoption of smart manufacturing technologies by organizations looking to improve their manufacturing efficiency. While this has provided plenty of benefits, such as enhanced productivity at lower costs, it has also introduced new attack vectors that can be exploited by threat actors looking to gain a foothold ...

  • PoetRAT Trojan targets energy sector using coronavirus lures

    April 17, 2020

    Government and energy sectors are being targeted in a new campaign that weaponizes the coronavirus outbreak. On Thursday, Cisco Talos researchers Warren Mercer, Paul Rascagneres and Vitor Ventura published an analysis of a new campaign that deploys PoetRAT, a previously-undiscovered Remote Access Trojan (RAT) striking both the Azerbaijan government and utility companies. According to the team, the malware attacks supervisory control ...

  • WildPressure APT targets industrial-related entities in the Middle East

    March 24, 2020

    In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have ...

  • Monitoring ICS Cyber Operation Tools and Software Exploit Modules To Anticipate Future Threats

    March 23, 2020

    There has only been a small number of broadly documented cyber attacks targeting operational technologies (OT) / industrial control systems (ICS) over the last decade. While fewer attacks is clearly a good thing, the lack of an adequate sample size to determine risk thresholds can make it difficult for defenders to understand the threat environment, ...

  • The IIoT Threat Landscape: Securing Connected Industries

    March 18, 2020

    The Industrial Internet of Things (IIoT) provides bridges of connectedness that enable seamless IT and OT convergence. However, threat actors can cross these bridges to compromise systems. As the use of IoT extends beyond the home and goes into the vast industrial landscape, the scale of threats likewise grows. With that being said, some components of ...

  • Critical Bugs in Rockwell, Johnson Controls ICS Gear

    March 10, 2020

    Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems (ICS) gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in Rockwell Automation gear affect MicroLogix 1400 Controllers, MicroLogix 1100 Controllers and RSLogix 500 Software. The ...

  • RSAC 2020: Ransomware a ‘National Crisis,’ CISA Says, Ramps ICS Focus

    February 28, 2020

    Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this year – especially as ransomware looms as a main threat to the sector going forward. That’s according to Christopher Krebs, director of CISA, speaking at RSA Conference 2020 this week. “My agency ...

  • NERC CIP compliance in Azure

    February 12, 2020

    When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk Electric System (BES) had the responsibility to ...

  • Fake Smart Factory Honeypot Highlights New Attack Threats

    January 24, 2020

    A honeypot set up to observe the current security landscape in smart manufacturing systems observed numerous threats—including cryptomining malware and ransomware—in just a few months, highlighting the new threats that industrial control systems (ICS) face with increased exposure to the internet. While in the past ICS networks were traditionally proprietary and closed systems, the advent of ...

  • Critical Remote Code-Execution Bugs Threaten Global Power Plants

    December 12, 2019

    Siemens industrial equipment commonly found in fossil-fuel and large-scale renewable power plants are riddled with multiple security vulnerabilities, the most severe of which are critical bugs allowing remote code-execution. The affected product is SPPA-T3000, a distributed control system used for orchestrating and supervising electrical generation at major power plants in the U.S., Germany, Russia and other ...