News

Positive Technologies has published research on detecting and preventing attacks that involve the most popular MITRE ATT&CK^® techniques. The company’s experts successfullyused these techniques in the course of penetration tests conducted on Russian companies in 2022. The preventive measures proposed by Positive Technologies cover 29% of the information protection requirements set forth in the Order of the FSTEC of Russia of 11 February 2013 No. 17 on Approval of Requirements for the Protection of Information Not Constituting a Public Secret Contained in the State Information Systems.

Positive Technologies specialists have analyzed the 2022 cybersecurity threatscape. The number of incidents increased by 21% compared to 2021. One of the main trends was the increase in the number of incidents targeting web resources, the emergence of wipers, and the increased cross-industry impact of attacks against IT companies.

The vulnerabilities exposed the system’s database to attacks

The Austrian company B&R , part of the ABB group, thanked Natalya Tlyapova, Senior Security Researcher at Application Analysis at Positive Technologies, for discovering five database vulnerabilities in the APROL industrial process control system. The solution is used in various industries, including energy, oil and gas, engineering, and food. The vendor was notified of the threat as part of the responsible disclosure policy and fixed the vulnerabilities in new versions of the sotware.

On March 1, 2023, Standoff 365, the largest Russian bug bounty platform, launched a public program to look for vulnerabilities in its own systems. It’s a way to openly verify that its services are properly protected and show concern for the security of its clients. The Standoff 365 bug bounty is an open program with the reward of 1 million rubles for finding the most dangerous vulnerabilities.

Positive Technologies has analyzed the Q4 2022 cybersecurity threatscape. The analysis showed an increase in the number of spyware attacks against organizations and individuals. Experts noted an 18% increase in the share of attacks against IT companies and the growth of attacks against individuals via social networks and messengers.

PLCs are used on a wide range of equipment from machine tools to pipeline systems

Vulnerability CVE-2023-22357 gained the CVSS v3 score of 9.1, which indicates a critical level of severity. Its exploitation allowed unauthenticated attackers to read and change an arbitrary area of the controller memory. This could lead to overwriting of firmware, denial of service, or arbitrary code execution. The vendor was notified of the threat as part of the responsible disclosure policy and eliminated the vulnerability in the new firmware.

To fix vulnerabilities, install new firmware on your equipment

The issue received a CVSSv3 score of 8.2, qualifying it as high severity; a security patch is now available

The CVE-2022-43393 vulnerability discovered by Nikita Abramov, a researcher at Positive Technologies, affected dozens of Zyxel switch models and posed a serious risk for business processes of many organizations. The manufacturer has now remediated the vulnerability by releasing patches for all affected switches.