The attacks are usually quite primitive
Posted: Sat Feb 08, 2025 9:40 am
In its first-half 2018 report, Kaspersky Lab noted that Operation Energetic Bear (named for its connection to Russia and its targeting of energy companies) was broader in scope than initially thought, and renamed it Crouching Yeti to de-emphasize its connection to Russia. While the attackers’ primary targets were in the United States and Western Europe, a variety of websites, manufacturing and infrastructure companies, and government agencies were compromised.
However, overall, the attacks were quite primitive. They hungary mobile database PDF documents, Trojanized software installers, and waterhole attacks via hacked decoy sites. Once a computer was successfully penetrated, additional modules could be installed to expand the attacker’s position, according to the Kaspersky Lab study. The company recommends that industrial enterprises pay more attention to employee cyberthreat awareness and implement modern cybersecurity measures, from controlling access and traffic at the network perimeter to hardening ICS endpoints by removing and blocking unnecessary software, separating privileges, and tightening controls on the forced use of remote administration tools when these tools are needed, such as during remote maintenance.
Attackers target specific regions
Attackers continue to focus their efforts on specific regions of the world. If we take the number of systems protected by Kaspersky Lab software as 100%, then the percentage of those affected by attacks is higher among organizations in Asia, Africa, and Latin America compared to companies in North America, Western Europe, and Australia. Presumably, this situation is related to the amount of money organizations have invested in infrastructure protection solutions.
Removable media remains a significant threat in many of the most frequently attacked countries. Asia, Latin America, and the Middle East show a much higher proportion of infections via removable media than Russia, Europe, and North America. Meanwhile, email attacks, while often effective, are not as common. Perhaps because they target a small group of employees at each firm.
However, overall, the attacks were quite primitive. They hungary mobile database PDF documents, Trojanized software installers, and waterhole attacks via hacked decoy sites. Once a computer was successfully penetrated, additional modules could be installed to expand the attacker’s position, according to the Kaspersky Lab study. The company recommends that industrial enterprises pay more attention to employee cyberthreat awareness and implement modern cybersecurity measures, from controlling access and traffic at the network perimeter to hardening ICS endpoints by removing and blocking unnecessary software, separating privileges, and tightening controls on the forced use of remote administration tools when these tools are needed, such as during remote maintenance.
Attackers target specific regions
Attackers continue to focus their efforts on specific regions of the world. If we take the number of systems protected by Kaspersky Lab software as 100%, then the percentage of those affected by attacks is higher among organizations in Asia, Africa, and Latin America compared to companies in North America, Western Europe, and Australia. Presumably, this situation is related to the amount of money organizations have invested in infrastructure protection solutions.
Removable media remains a significant threat in many of the most frequently attacked countries. Asia, Latin America, and the Middle East show a much higher proportion of infections via removable media than Russia, Europe, and North America. Meanwhile, email attacks, while often effective, are not as common. Perhaps because they target a small group of employees at each firm.