New Kaspersky ICS CERT research into threats affecting industrial control systems (ICS) highlights 103 new vulnerabilities found in 2019, which could potentially be exploited by cyberattacks. Kaspersky Industrial Control Systems Cyber Emergency Response Team (Kaspersky ICS CERT) is a global project launched by Kaspersky in 2016. Its purpose is to coordinate the efforts of automation system vendors, industrial facility owners and operators, and IT security researchers to protect industrial enterprises from cyberattacks. The number of vulnerabilities found almost doubled in comparison with the 61 reported in 2018. For organisations protecting themselves against these and other security risks, Kaspersky ICS threat intelligence is now available in a new subscription-based service.
Exploiting various software vulnerabilities is one of many possible ways attacks on industrial automation systems could happen. Vulnerabilities found by Kaspersky ICS CERT in 2019 emerged in the most commonly used automation software, industrial control and Internet of Things (IoT) systems. The issues discovered in remote administration tools (34), SCADA (18), backup software (10), as well as IoT products, solutions for smart buildings, PLCs and other industrial components.
The success of response to these and other threats may depend on how aware the operational technology (OT) security teams are. Insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems, are available in the new, all-in-one Kaspersky ICS Threat Intelligence Reporting service.
“The issues were found in remote administration tools (34), SCADA (18), backup software (10), as well as IoT products, solutions for smart buildings, PLCs and other industrial components.”
This service unifies access to new and previously available reports, offering extended versions with analysis of new advanced threats, extended snapshots of the overall industrial threat landscape and unique threat insights into specific regions and industries. The report observes attack methods and malicious toolsets, including exploits and used malware as well as other essential threat factors and attributes. This data can help security teams perform a security assessment of an organisation’s industrial system, better identify malicious activity and be able to attribute it to recent threat actors that have been revealed by Kaspersky.
The service also offers a detailed analysis of vulnerabilities found by Kaspersky. These include security issues that cause a weakness and enable its exploitation, possible attack vectors, and other technical information to help customers understand the risk of their potential exploitation by malicious actors.
In addition to this, OT security teams can access unique advisories on previously found vulnerabilities. Unlike warnings available via public sources that may not necessarily include all background information and practical recommendations, the Kaspersky service accumulates all available information on the vulnerability and provides it in an actionable manner. It facilitates customers’ vulnerability assessments and helps them develop adequate mitigating measures if patches are not yet available or can’t be installed due to, for example, process continuity requirements, system certification needs or compatibility issues.
The reports are available in human-readable format but also include technical artefacts, such as indicators of compromise (IoCs) provided in industrial-grade formats (OpenIOC, STIX, YARA and SNORT rules). That way customers can integrate them into their security solutions to enhance incident detection and response.
“All assets for this new service are being developed by experts from the Kaspersky Industrial Systems Emergency Response Team and based on the knowledge we got from years of dedicated industrial threats and vulnerabilities research. We are trying to share our findings with industrial organisations in a simple and actionable manner. What’s more, we believe the information would also be valuable for a wider audience, such as, for example, state CERTs, industrial automation vendors, cybersecurity service providers and ICS security product developers. Together with the ICS threat data feeds, the subscription can help them tweak their products and services per the latest threat. That or intelligence we get from our telemetry sources in ICS environments globally,” says Evgeny Goncharov, Head of ICS CERT at Kaspersky.
To learn more about Kaspersky ICS Threat Intelligence Reporting service and apply for a demo, please visit the Kaspersky Threat Intelligence Portal.
To find out more about the ‘Threat landscape for industrial automation systems 2019’ report, please follow the link.
Write to us firstname.lastname@example.org