Why APTs are so successful – stories from IR trenches
APT attacks on industrial organizations in H2 2022
H2 2022 – brief overview of main incidents in industrial cybersecurity
Threat landscape for industrial automation systems. Statistics for H2 2022
Unusual penetration techniques – in the wild and in Red Team research
ICS cyberthreats in 2023 – what to expect
Digital twins and ensuring the cybersecurity of enterprises. Oil and gas industry
WAGO 750 Controllers. Denial of service of the FTP server
The secrets of Schneider Electric’s UMAS protocol
H1 2022 – a brief overview of the main incidents in industrial cybersecurity
Threat landscape for industrial automation systems. Statistics for H1 2022
Targeted attack on industrial enterprises and public institutions
Dynamic analysis of firmware components in IoT devices
Attacks on industrial control systems using ShadowPad
Draft of the NIST Guide #800-82 – what has changed
ISaPWN – research on the security of ISaGRAF Runtime
Schneider Electric EcoStruxure Control Expert / Process Expert, SCADAPack RemoteConnect for x70. Information leak from project file
Schneider Electric Modicon M340/M580 Authentication Bypass by Spoofing
Vulnerability in ICS: assessing the severity
Vulnerabilities in Tekon-Automatics solution: (ir)responsible disclosure and scope of the problem
Kaspersky’s statement on the FIRST membership suspension
Threat landscape for industrial automation systems. Statistics for H2 2021
APT attacks on industrial companies in H2 2021
Bosch AMC2. Missing authentication for critical function
Bosch AMC2. Information Disclosure due to Hard-coded Cryptographic Key
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
Log4Shell at industrial enterprises
TÜV Austria Academy will offer Kaspersky training courses
PseudoManuscrypt: a mass-scale spyware attack campaign
Kaspersky Industrial Cybersecurity Conference 2021
Threats to ICS and industrial enterprises in 2022 as they are foreseen from November 2021
APT attacks on industrial organizations in H1 2021
Threat landscape for industrial automation systems. Statistics for H1 2021
Rockwell Automation ISaGRAF Runtime: Information Disclosure due to cleartext storage of passwords in a file and memory
Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Hard-coded Cryptographic Key
Rockwell Automation ISaGRAF Runtime: Code Execution due to Uncontrolled Search Path Element
Rockwell Automation ISaGRAF Runtime: Information Disclosure due to Cleartext Transmission of Information over IXL protocol
Rockwell Automation ISaGRAF Runtime: Code Execution due to Relative Path Traversal
Robert Bosch GmbH CPP HD/MP cameras. Denial of Service via GET HTTP request
Robert Bosch GmbH CPP HD/MP cameras. Improper Input Validation in Web service application
Robert Bosch GmbH CPP HD/MP cameras. Reflected XSS in a page parameter
Robert Bosch GmbH CPP HD/MP cameras. Multiple reflected XSS in URI handlers
Robert Bosch GmbH CPP HD/MP cameras. Missing Authentication vulnerability for Critical Functions
DarkChronicles: the consequences of the Colonial Pipeline attack
Moxa NPort IA5000A Series. Cleartext Transmission of Sensitive Information via Moxa Service
Moxa NPort IA5000A Series. Using the Telnet service
Moxa NPort IA5000A Series. Passwords stored in plaintext
Moxa NPort IA5000A Series. Broken access control
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
Good old buffer overflow
Network Asset Traversal or NATural disaster: NAT Slipstreaming 2.0
APT attacks on industrial companies in 2020
Threat landscape for industrial automation systems. Statistics for H2 2020
Threat landscape for the ICS engineering and integration sector. 2020
More critical vulnerabilities identified in OPC protocol implementations
Authentication bypass in Rockwell Automation Logix controllers
Lazarus targets defense industry with ThreatNeedle
Classics: vulnerabilities in web console and third-party components in Pepperl+Fuchs IO-Link-Master gateways
Getting back on Treck: more vulnerabilities in the infamous TCP/IP Stack
Much ado about the certificate: what one should know about Siemens SCALANCE X switch configuration to avoid MitM
Cryptographic deadly sins and the security of Modicon M100/M200/M221
From buffer overflow to switchboard setup errors: vulnerabilities in building operation software by Schneider Electric
Twentieth for Ripple20: Vulnerability in embedded web server of I/O expansion modules for IoT
Critical vulnerability in Schneider Electric HMI configuration software
A classic that needs updating: fresh vulnerabilities in the software of Siemens SCALANCE X switches
SunBurst industrial victims
ICS threat predictions for 2021
Are industrial organizations a target for cybercriminals?
Kaspersky ICS CERT goes virtual with the Deggendorf Institute of Technology!
First things first: Kaspersky ICS CERT becomes new member of the global Forum of Incident Response and Security Teams (FIRST)
ENISA publishes guidelines for securing internet of things supply chain
Municipal services at Canadian City of Saint John down due to cyberattack
Attacks on industrial enterprises using RMS and TeamViewer: new data
Practical example of fuzzing OPC UA applications
What it feels like for a turbine
Session Information Exposure in ARC Informatique PcVue
Denial-of-Service in ARC Informatique PcVue
Remote Code Execution in ARC Informatique PcVue
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
Threat landscape for industrial automation systems. H1 2020
The State of Industrial Cybersecurity 2020
Cyberthreats for ICS in Energy in Europe. Q1 2020
Session token exposed in Honeywell ControlEdge PLC and RTU
Unencrypted password transmission in Honeywell ControlEdge PLC and RTU
Targeted attacks on industrial companies using Snake ransomware (updated)
Steganography in attacks on industrial enterprises (updated)
Multiple vulnerabilities in EcoStruxure Operator Terminal Expert
Dangerous vulnerabilities in Emerson OpenEnterprise
Cyber incidents in industrial enterprises during the first half of May: Stadler, Elexon, BlueScope
Missing Authentication in Emerson OpenEnterprise SCADA before 3.3.4
Inadequate Encryption Strength in Emerson OpenEnterprise SCADA before 3.3.4
Improper Ownership Management in Emerson OpenEnterprise SCADA before 3.3.4
Overview of recommendations on organizing secure remote work for critical infrastructure and other facilities
Multiple vulnerabilities in ABB 800xA DCS
Targeted attacks on Israeli water supply and wastewater treatment facilities
Malicious campaigns against Azerbaijan’s government and industrial organizations
Threat landscape for industrial automation systems. Overall global statistics – H2 2019
Threat landscape for industrial automation systems. Ransomware and other malware: key events of H2 2019
Threat landscape for industrial automation systems. APT attacks on industrial companies in 2019
Threat landscape for industrial automation systems. Vulnerabilities identified in 2019
Threat landscape for industrial automation systems. 2019 Report at a glance
Dozens of Siemens industrial devices are affected by DoS vulnerabilities
New ransomware attacks on industrial enterprises
Multiple vulnerabilities in Advantech WebAccess/NMS
Threat actor behind Ryuk malware continues attacks on medical facilities despite epidemic
WildPressure targets industrial-related entities in the Middle East
Remote Code Execution on LibVNC version prior to 0.9.12
Remote Code Execution on TigerVNC version prior to 1.10.1
Remote Code Execution on TigerVNC version prior to 1.10.1
Remote Code Execution on TigerVNC version prior to 1.10.1
Remote Code Execution on TigerVNC version prior to 1.10.1
Remote Code Execution on TigerVNC version prior to 1.10.1
Remote Code Execution on Emerson OpenEnterprise SCADA Server version 2.83 and all versions of OpenEnterprise 3.1 through 3.3.3
XXE on Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1
Remote Code Execution on Moxa’s cellular management software OnCell Central Manager Version lower than 2.4.1
Kaspersky conducts ICS digital forensics and incident response training course in China
Ransomware attack on Picanol paralyzes production at plants in Belgium, Romania, and China
Dustman wiper attack on Bapco oil company
Ryuk ransomware attacks unnamed US maritime transportation facility
German cities under attack by Emotet botnet
Multiple vulnerabilities in WAGO PLCs
More ransomware attacks
Multiple vulnerabilities in Modicon controllers
Multiple vulnerabilities in SPPA-T3000 components
Multiple vulnerabilities in Siemens products
Biometric data processing and storage system threats
Applied industrial cybersecurity by Kaspersky at the Deggendorf Institute of Technology
VNC vulnerability research
7th Kaspersky Industrial Cybersecurity Conference
Denial of Service in RDesktop before 1.8.4
Vulnerability in Cisco IOS and IOS XE affecting industrial routers
Cyberattack on Rheinmetall technology group
Threat landscape for industrial automation systems, H1 2019
Threat landscape for smart buildings. H1 2019 in brief
Security research: CODESYS Runtime, a PLC control framework. Part 3
Security research: CODESYS Runtime, a PLC control framework. Part 2
Security research: CODESYS Runtime, a PLC control framework. Part 1
Multiple vulnerabilities identified in Red Lion Controls Crimson software
Software vulnerabilities in EZ Touch Editor and EZ PLC Editor
State of Industrial Cybersecurity: survey by Kaspersky and ARC Advisory Group
Industrial Internet Consortium will support Kaspersky Industrial Cybersecurity Conference 2019 as Association Partner
The internet of things security maturity model: a nudge for IoT cybersecurity
CODESYS V3 Password transmission vulnerability
Vulnerabilities fixed in Mitsubishi Electric FR Configurator2
Dangerous vulnerabilities in Siemens TIA Administrator, SIMATIC WinCC and PCS7
Dangerous vulnerability in the IGSS system
Multiple vulnerabilities in Schneider Electric Floating License Manager
New vulnerability in Schneider Electric Modicon PLCs
How we hacked our colleague’s smart home, or morning drum bass
Multiple vulnerabilities in ABB HMI solutions
Critical vulnerability in SICK MSC800 PLC
Multiple vulnerabilities in Advantech WebAccess/SCADA
Vulnerabilities in Phoenix Contact’s Automation Worx Software Suite
Critical vulnerabilities in WAGO industrial switches
Ransomware disrupts production at four ASCO Industries plants
Dangerous vulnerabilities identified in Phoenix Contact industrial switches and controllers
Dangerous vulnerability fixed in Cisco Industrial Network Director
Multiple vulnerabilities in Optergy Proton/Enterprise building management system
Hasplm cookie without HTTPOnly attribute
Gemalto Admin Control Center uses cleartext communication with www3.safenet-inc.com
Critical vulnerabilities identified by Kaspersky Lab have been corrected in Siemens SIMATIC WinCC and SIMATIC PCS 7
Remote Code Execution Vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7
Siemens WinCC local denial of service
Siemens SIMATIC WinCC and SIMATIC PCS 7 remote code execution using specially crafted project files
Kaspersky Industrial CTF 2019 Finals Results
Cybersecurity Insight – MIT workshops in partnership with Kaspersky Lab
Threat landscape for industrial automation systems. H2 2018
Metallurgical giant Norsk Hydro attacked by encrypting malware
UltraVNC Improper Initialization
UltraVNC Stack-based Buffer Overflow
UltraVNC Improper Null Termination
UltraVNC Heap-based Buffer Overflow
UltraVNC Heap-based Buffer Overflow
UltraVNC Off-by-one Error
UltraVNC Heap-based Buffer Overflow
UltraVNC Out-of-bounds Read
UltraVNC Stack-based Buffer Overflow
UltraVNC Off-by-one Error
UltraVNC Out-of-bounds Read
UltraVNC Access of Memory Location After End of Buffer
UltraVNC Access of Memory Location After End of Buffer
UltraVNC Access of Memory Location After End of Buffer
UltraVNC Stack-based Buffer Overflow
UltraVNC Access of Memory Location After End of Buffer
UltraVNC Heap-based Buffer Overflow
UltraVNC Out-of-bound Read
UltraVNC Out-of-bound Read
UltraVNC Memory Leak
UltraVNC Heap-based Buffer Overflow
UltraVNC Buffer Underwrite
AVEVA Wonderware System Platform Vulnerability – Unauthorized Access to Credentials
DeltaV Authentication Bypass
Kaspersky Lab has taken part in S4x19 Industrial Cybersecurity Conference
GreyEnergy’s overlap with Zebrocy
Security research: ThingsPro Suite – IIoT gateway and device manager by Moxa
Kaspersky Lab Joins Cybersecurity at MIT Sloan for Third Annual Academic Seminar
Challenges of industrial cybersecurity
Vulnerabilities in Schneider Electric industrial solutions
CodeSYS Control V3 Use of Insufficiently Random Values
CodeSYS Control V3 Improper Communication Address Filtering
CodeSYS Control V3 Access Control Inactive by Default
LibVNC NULL Pointer Dereference
LibVNC Memory leak
LibVNC Multiple Memory Leaks
LibVNC Infinite Loop
LibVNC Heap Out-of-Bound Write
LibVNC Multiple Heap Out-of-Bound Vulnerabilities
LibVNC Heap Out-of-Bound Write
LibVNC Heap Use-After-Free
LibVNC Heap Use-After-Free
Critical vulnerabilities in Siemens SINUMERIK controllers
Kaspersky Lab and Fraunhofer IOSB conduct another joint training
IoT Security in the ‘Smart Manufacturing’ world: a new study by ENISA
General Electric Proficy GDS XML eXternal Entity (XXE)
Kaspersky Industrial CTF 2018 Qualifications Results
Kaspersky Lab ICS CERT Hands-on: IoT vulnerability research and exploitation training
Critical vulnerability in Modicon M221 PLC
RATs - are they Useful or Dangerous for your ICS
Web vulnerabilities in Siemens SIMATIC operator panels
Vulnerabilities in Siemens industrial products
Schneider Electric has fixed a vulnerability in SESU software
Critical vulnerabilities in CirCarLife electric vehicle chargers
Critical vulnerabilities in AVEVA industrial software
Multiple vulnerabilities in Advantech WebAccess
Kaspersky Lab challenges whitehats to find flaws in IoT devices, in Capture the Flag competition
Phishing attack targeting Italian naval and defense industry
New GreyEnergy malware attacks industrial networks
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: Remote Code Execution
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: Hidden Token Access
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: Sensitive Information Stored in Clear Text
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: Password Management Issue
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: Broken Access Control
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: User Privilege Escalation
Moxa ThingsPro IIoT Gateway and Device Management Software Solutions: User Enumeration
Opportunities and challenges in digital transformation: sixth industrial cybersecurity conference organized by Kaspersky Lab
Siemens fixes new vulnerabilities in its products
Multiple vulnerabilities in Wecon PI Studio
Bridging the ICS cybersecurity awareness gap: webinar by Kaspersky Lab and Fraunhofer IOSB
First joint training by Kaspersky Lab and Fraunhofer IOSB
Critical vulnerabilities in Entes EMG 12 converters
Multiple vulnerabilities in Fuji Electric industrial products
Critical vulnerabilities in Emerson AMS Device Manager
DeltaV Remote Code Execution
Dangerous vulnerabilities in Siemens industrial solutions
Threats posed by using RATs in ICS
Schneider Electric products shipped with infected USB media
Buffer overflow vulnerabilities in industrial automation products by Opto22
Threat landscape for industrial automation systems: H1 2018
Vulnerabilities in Schneider Electric industrial devices
Princeton University researchers: causing power outages with IoT botnet
Multiple vulnerabilities in Emerson DeltaV DCS industrial workstations
Eltex ESR-200 Router Default Password Usage
Eltex ESR-200 Router Unsecure sudo Configuration
Eltex ESR-200 Router Built-in user with highest privileges
Eltex ESR-200 Router Information Disclosure
Eltex ESR-200 Router command injection
Kraftway-24F2XG Router Outdated Certificate Usage
Kraftway-24F2XG Router Denial of Service
Kraftway-24F2XG Router Possible Remote Code Execution
Kraftway-24F2XG Router Denial of Service
Kraftway-24F2XG Router Denial of Service
Kraftway-24F2XG Router Default Credentials
Zipato Zipabox Sensitive Information Disclosure
Zipato Zipabox Weak Hash Algorithm
Zipato Zipabox Insecure configuration storage
APT group called RASPITE attacks industrial enterprises
The Third Specialized Conference “IT Security for Industrial Systems” in Frankfurt
Critical vulnerabilities in WECON LeviStudioU
Attacks on industrial enterprises using RMS and TeamViewer
Buffer overflow vulnerabilities in AVEVA HMI solutions
Dangerous vulnerability fixed in Moxa NPort serial network interface devices
Dangerous vulnerability identified in ABB Panel Builder 800 engineering software
Multiple vulnerabilities fixed in WAGO operator panels
DoS vulnerabilities in SIPROTEC 5 relays and EN100 communication module
Multiple vulnerabilities in Allen-Bradley Stratix 5950 appliances
The State of Industrial Cybersecurity 2018: findings of joint survey by Kaspersky Lab and PAC
Vulnerability in Delta Industrial Automation COMMGR software
DoS vulnerability in Allen-Bradley CompactLogix and Compact GuardLogix controllers
Cyberattack on satellite communications companies
Dangerous vulnerabilities fixed in Siemens routers and switches
Multiple vulnerabilities in U.motion Builder
Serious vulnerability in RSLinx Classic and FactoryTalk Linx Gateway by Rockwell Automation
Critical vulnerability in Yokogawa STARDOM controllers
Multiple vulnerabilities in Schneider Electric Floating License Manager
VPNFilter malware can be used to detect SCADA equipment
Serious vulnerabilities in TELEM-GW6/GWM data concentrators
Serious vulnerability fixed in PACSystems industrial controllers
Dangerous vulnerabilities identified in FL SWITCH industrial Ethernet switches
OPC Foundation Consortium comments on Kaspersky Lab’s OPC UA security analysis report
DoS vulnerability in SIMATIC S7-400 controllers
Multiple vulnerabilities closed in Advantech WebAccess
OPC UA security analysis
Vulnerabilities in Advantech WebAccess HMI Designer
Energetic Bear / Crouching Yeti: attacks on servers
Education initiative by Kaspersky Lab ICS CERT and Fraunhofer IOSB
Vulnerabilities in Rockwell Automation industrial networking solutions
Critical vulnerabilities in Schneider Electric industrial solutions
Vulnerabilities in Moxa EDR-810 routers
Internet of Things Security Maturity Model description to be published
Multiple vulnerabilities closed in U.motion Builder building automation solution
Attack on Cisco switches
Critical vulnerability closed in Moxa AWK-3131A industrial access point
DoS vulnerability in Siemens SIMATIC products
Open for Insights: Kaspersky Lab Industrial Cybersecurity Conference 2018 Call for Papers
Critical vulnerability closed in TIM 1531 IRC modules
New vulnerabilities in Allen Bradley MicroLogix 1400 PLCs
Multiple vulnerabilities identified in the Modicon family of industrial controllers
Improper Input Validation vulnerability in Siemens industrial devices
Serious vulnerability identified in Beckhoff TwinCAT PLC software solution
Threat Landscape for Industrial Automation Systems in H2 2017
Somebody’s watching! When cameras are more than just ‘smart’
Siemens industrial solutions are affected by vulnerabilities in Intel ME, SPS and TXE technologies
IoT hack: how to break a smart home... again
OMG botnet turns infected devices into proxy servers
3.3% of ICS computers attacked by miners during the past year
Vulnerabilities in GE D60 Line Distance Relay devices
Critical vulnerability in WAGO PFC200 controllers closed
Kaspersky Lab and MIT host a successful second annual ‘Think Security’ seminar
Multiple Vulnerabilities Found in Popular Document Management System
Saperion webclient multiple vulnerabilities: Arbitrary File Read in Saperion web client
Saperion webclient multiple vulnerabilities: Remote Code Execution with system user privileges in Saperion web client
Gas is too expensive? Let’s make it cheap!
Vulnerability in Nari PCS-9611 relays
A silver bullet for the attacker. A study into the security of hardware license tokens
MLAD: Machine Learning for Anomaly Detection
Industrial solutions may be affected by Spectre and Meltdown vulnerabilities
Serious vulnerabilities identified in Palo Alto firewalls
TRITON attack. Comment by Kaspersky Lab ICS CERT expert
The brief awakening of the Satori botnet
Cyber Security Tech Talk at the University of California, Berkeley
Dnsmasq Vulnerabilities Affect Siemens SCALANCE Solutions
New Mirai Variant
Vulnerabilities in Siemens SWT 3000 Devices
Industrial Enterprise and IoT Security Threats: Forecast for 2018
Intel Releases Updates to Close ME, SPS and TXE Vulnerabilities
Siemens Industrial Solutions Are Vulnerable to Denial-of-Service Attacks
Moxa Fixes Serious Vulnerabilities in NPort Serial Network Interface Devices
Serious Vulnerabilities Found in Siemens SICAM RTU Modules
Schneider Electric Closes Critical Vulnerability in HMI Products
Vendors Confirm That Industrial Solutions Are Vulnerable to KRACK Attacks
The Relevance of WPA2 Vulnerabilities and KRACK Attacks to Industrial Systems
New Botnet Recruits IoT Devices Across the Globe
To Hack an Oil Refinery in 7 Hours
Bad Rabbit, Brother of [Ex]Petr
US-CERT Reports APT Attack on Critical Infrastructure
WPA2 Vulnerabilities Can Be Used to Attack Industrial Systems
The Results of Kaspersky Industrial CTF 2017 Qualifications Are In
Safeguarding Technological Progress: Kaspersky Lab Holds Its Fifth Industrial Cyber Security Conference
Several more vulnerabilities found and closed in popular license manager
Sentinel LDK RTE: Remote enabling and disabling admin interface
Sentinel LDK RTE: Memory corruption might cause remote code execution
Sentinel LDK RTE: Arbitrary memory read from controlled memory pointer leads to remote denial of service
Sentinel LDK RTE: Remote manipulations with language pack updater lead to NTLM-relay attack for system user
Sentinel LDK RTE: Stack overflow in custom XML-parser leads to remote denial of service
Threat Landscape for Industrial Automation Systems in H1 2017
Infected CCleaner in ICS around the world
MITRE Grants Kaspersky Lab CVE Numbering Authority (CNA) Status
New Attack Vector Affecting Bluetooth Devices
IBM Security Report on Cyber Security Risks in the Energy and Utilities Sector
New Wave of Cyberattacks in the Energy Sector of Europe and North America
Closing an XXE Vulnerability in Siemens Industrial Solutions
Abbott Recalls Pacemakers Due to Cyberattack Risk
Multiple vulnerabilities found in popular license manager
Sentinel LDK RTE: malformed ASN1 streams in V2C files lead to Remote Code Execution
Sentinel LDK RTE: language packs containing malformed filenames lead to Remote Code Execution
Sentinel LDK RTE: language pack with invalid HTML files leads to Denial of Service
More than 50% of organizations attacked by ExPetr (Petya) cryptolocker are industrial companies
WannaCry on industrial networks: error correction
Vulnerable System Update Statistics. General Electric
Nigerian phishing: industrial companies under attack
WannaCry ransomware widespread attack may indirectly hit Industrial organizations
Threat Landscape for Industrial Automation Systems in the second half of 2016
Spear phishing attack hits industrial companies
Vulnerability in Industrial Control software and quality of the patch management
Critical infrastructure protection – governance around the world