The Kaspersky Industrial Cybersecurity Conference, one of the leading international events in the field of industrial cybersecurity, takes place from September 23 to 25.
# Industry News: Kaspersky Highlights Industrial APT Threats and Rare Malware at KICC 2024
## Summary
The 12th Kaspersky Industrial Cybersecurity Conference (KICC), held in Sochi from September 23 to 25, focused on the evolving threat landscape of Industrial Control Systems (ICS). Kaspersky’s ICS CERT team used the event to unveil deep-dive research into Advanced Persistent Threats (APTs) and rare virus specimens specifically targeting critical infrastructure.
## Key Details
- **Date:** September 23–25, 2024
- **Companies Involved:** Kaspersky (ICS CERT)
- **Category:** Industry Conference / Threat Intelligence Disclosure
## The Story
The Kaspersky Industrial Cybersecurity Conference remains a pivotal gathering for experts in the Operational Technology (OT) and ICS sectors. This year, the narrative centered on "detective-style" investigations into sophisticated cyber espionage. Kaspersky ICS CERT experts presented new findings on APT campaigns that have stayed under the radar by using niche or "rare" virus specimens tailored for industrial environments. The research emphasizes that attackers are moving away from generic malware toward highly customized tools designed to bypass traditional air-gap defenses and to work with specific industrial protocols.
## Business Impact
### For the Companies Involved
- **Kaspersky:** Bolsters its reputation as a premier source of OT-specific threat intelligence despite geopolitical headwinds. This event serves as a primary platform for Kaspersky to demonstrate its technical prowess in the industrial sector.
### For Competitors (Claroty, Dragos, Nozomi Networks)
- **Increased Pressure:** Competitors must match this level of granular research into rare, OT-specific malware to remain credible with large-scale industrial enterprise clients.
### For Customers
- **Heightened Situational Awareness:** Asset owners in energy, manufacturing, and transport gain critical insights into the specific tactics, techniques, and procedures (TTPs) being used against their sectors.
### For the Market
- **Focus on OT-CERTs:** The news reinforces the growing market demand for dedicated Industrial Computer Emergency Response Teams (CERTs) and specialized intelligence services rather than general IT security feeds.
## Technical Implications
The research highlights a shift toward "living-off-the-land" techniques within OT environments and the use of rare virus specimens that do not trigger standard signature-based detection. Because such specimens have no known signature, defenders need behavioral analysis and protocol-aware deep packet inspection (DPI) of industrial protocols such as Modbus, S7, and OPC UA to spot anomalous commands and traffic patterns.
## Strategic Analysis
- **Market Positioning:** Kaspersky is positioning itself as the "investigative authority" in ICS security, focusing on the high-complexity end of the threat spectrum.
- **Competitive Advantage:** Direct access to telemetry from a global footprint of industrial installations gives Kaspersky a unique data set for identifying rare threats.
- **Challenges:** Ongoing geopolitical tensions continue to complicate Kaspersky’s market access in certain Western government and critical infrastructure sectors, regardless of technical merit.
## Industry Reactions
- **Analyst Opinions:** Industry analysts note that KICC has become one of the few places where "private sector intelligence" meets "boots-on-the-ground" industrial engineering.
- **Market Response:** There is a growing recognition that high-end APT threats in OT are no longer theoretical but are actively probing global supply chains.
## Future Outlook
- **Predictive Trends:** Expect an increase in the discovery of "dormant" malware in critical infrastructure that was planted years ago, now being unearthed by better forensics.
- **What to Watch For:** Look for the integration of these research findings into Kaspersky’s KICS (Kaspersky Industrial CyberSecurity) product updates and automated detection rules.
## For Security Professionals
Practitioners should review their current visibility into air-gapped systems and evaluate whether their existing EDR/XDR solutions are capable of identifying the "rare specimens" described by ICS CERT. The transition from IT-centric security to OT-aware security is no longer optional for those protecting critical infrastructure.