Vulnerabilities found by Kaspersky ICS CERT in 2019 were revealed in the most commonly used automation software, industrial control and Internet of Things (IoT) systems. The issues were found in remote administration tools (34), SCADA (18), backup software (10), as well as IoT products, solutions for smart buildings, PLCs and other industrial components.
The success of response to these and other threats may depend on how aware the operational technology (OT) security teams are. Insights into current threats and attack vectors, as well as the most vulnerable elements in OT and industrial control systems, are available in the new, all-in-one Kaspersky ICS Threat Intelligence Reporting service.
This service unifies access to new and previously available reports, offering extended versions with analysis of new advanced threats, extended snapshots of the overall industrial threat landscape and unique threat insights into specific regions and industries. The analysis observes attack methods and malicious toolsets, including exploits and used malware as well as other important threat factors and attributes. This data can help security teams perform a security assessment of an organization’s industrial system, better identify malicious activity and be able to attribute it to recent threat actors that have been revealed by Kaspersky.
The service also offers detailed analysis of vulnerabilities found by Kaspersky, such as security issues that cause a vulnerability and enable its exploitation, possible attack vectors, and other technical information to help customers understand the risk of their potential exploitation by malicious actors.
In addition to this, OT security teams can access unique advisories on previously found vulnerabilities. Unlike advisories available via public sources that may not necessarily include all background information and practical recommendations, the Kaspersky service accumulates all available information on the vulnerability and provides it in an actionable manner. This facilitates customers’ vulnerability assessments and helps them develop adequate mitigating measures if patches are not yet available or can’t be installed due to, for example, process continuity requirements, system certification needs or compatibility issues.
The reports are available in human-readable format but also include technical artifacts, such as indicators of compromise (IoCs) provided in industrial-grade formats (OpenIOC, STIX, YARA and SNORT rules), so customers can integrate them into their security solutions to enhance incident detection and response.
“All assets for this new service are being developed by experts from the Kaspersky Industrial Systems Emergency Response Team and based on the knowledge we got from years of dedicated industrial threats and vulnerabilities research. We are trying to share our findings with industrial organizations in a simple and actionable manner. What’s more, we believe the information would also be valuable for a wider audience, such as, for example, state CERTs, industrial automation vendors, cybersecurity service providers and ICS security product developers. Together with the ICS threat data feeds, the subscription can help them tweak their products and services in accordance with the latest threat intelligence we get from our telemetry sources in ICS environments, all across the globe”, says Evgeny Goncharov, Head of ICS CERT at Kaspersky.