Kirill Kruglov,
Critical Infrastructure Threat Analysis,
Kaspersky Lab ICS CERT
INDUSTRIAL CONTROL SYSTEMS
CYBER THREAT LANDSCAPE
THE NATURE OF
THE THREAT
KICS is a portfolio of technologies and services
designed to secure Industrial Control System
environments
Launched at the end of 2015
More than 15 customers globally since launch
4 official references
KL ICS Cyber Emergency Response Team is a special
non-commercial project that offers a wide range of
information and research services
Officially launched at the end of 2016
OUR INDUSTRIAL CYBERSECURITY ACTIVITIES IN A NUTSHELL
Regularly contributes to Industrial cybersecurity, e.g.
helping prepare IIFS v 1.0
Found more than 100 ICS vulnerabilities
Raising awareness through hackathons, CTFs,
workshops and demos worldwide
CYBER SECURITY INCIDENTS
CRASHOVERRIDE
what if we turn it on and off?
CYBER-PHYSICAL ATTACKS: ENERGY
WHEN: DECEMBER 2016
WHERE: UKRAINE, KIEV
DIGITAL SUBSTATION
«NORTHERN».
PHYSICAL: POWER OUTAGE FOR 1 HOUR 15 MIN
History repeating: CRASHOVERRIDE
CYBER: (possibly?) CRASHOVERRIDE /
Industroyer malware platform, plugins for IEC
101/104, 61850 and OPC, second (after
STUXNET) case of malware designed to target
physical systems
CYBER-PHYSICAL ATTACKS: ENERGY
WHEN: DECEMBER 2015
WHERE: UKRAINE
PHYSICAL: power cell switches operated,
remote control disabled for operators, power
outage at 7 110 kV and 23 35 kV substations.
FINANCIAL: POWER OUTAGE IN 5 REGIONS FOR 6 HOURS
BlackEnergy 2.0
CYBER: BlackEnergy 2.0 as the door opener,
the rest of the attack performed manually.
CYBER-PHYSICAL ATTACKS: OIL & GAS, SHAMOON
WHEN: DECEMBER 2012
WHERE: SAUDI ARABIA,
SAUDI ARAMCO, 35 000
COMPUTERS WIPED OUT,
50 000 HDDS WERE
REPLACED
PHYSICAL: 17 DAYS OF DELAYED PRODUCT DELIVERY
History repeating
CYBER-PHYSICAL ATTACKS: OIL & GAS, SHAMOON 2.0 STONEDRILL
WHEN: NOV 2016 – JAN 2017
WHERE: SAUDI ARABIA,
ME, EUROPE,
MANUFACTURING AND OIL &
GAS, CONNECTED TO
NEWSBEEF, PROBABLY IRAN
DAMAGE: ??? STILL TO BE CALCULATED
History repeating
RANSOMWARE ATTACKS: UTILITY
Michigan, USA, 2016
CYBER ATTACK:
• Phishing attack to deliver ransomware
• Mail delivery and finance operation affected
• Phone lines not working including Technical Support line
• Customers stopped from getting their bills
$2.4M FOR EXTRA CYBER SECURITY
DIRECT LOSSES:
• $25K ransom
RANSOMWARE ATTACKS: WannaCry in ICS?
12-15 May, 2017, more than 150 countries
COMPANIES REPORTED:
• Renault, France
• Gas Natural, Spain
• NHS, UK
• Computers in Police units in India
• Enterprises in Mumbai, Hyderabad, Bengaluru,
Chennai
• Schools, Universities,
• Railways?
• Etc…
RANSOMWARE ATTACKS: WannaCry in ICS?
ICS machines affected the most according to KSN statistics
OT vs IT
RANSOMWARE ATTACKS: WannaCry in ICS – incident response
DoS attacks inside ICS networks
RANSOMWARE ATTACKS: MOST POPULAR RANSOMWARE IN ICS
% of ICS computers attacked by ransomware according to KSN attack statistics
ADVANCED PERSISTENT
(and other) THREATS
90%
9.9%
0.1%
Targeted attacks
Advanced persistent threats
Traditional cybercrime
Targeted threats to organizations
Cyber-weapons
THE NATURE OF
THE THREAT
310 000 New threats per day
OUR DAY-TO-DAY RESEARCH
We discover and prevent > 300 000 new
threats a day
OUR DAY-TO-DAY RESEARCH
We discover and dissect the world’s most
sophisticated threats
Campaigns discovered, 2010–2016 timeline: Duqu, miniFlame, Gauss, Icefog, Winnti, NetTraveler, Miniduke, Epic Turla, Energetic Bear / Crouching Yeti, RedOctober, CosmicDuke, Darkhotel, Careto / The Mask, Regin, Sofacy, Carbanak, Desert Falcons, Equation, Naikon, Hellsing, TeamSpy, Duqu 2.0, Animal Farm, Kimsuky, Stuxnet, Flame, MsnMM Campaigns, Satellite Turla, Wild Neutron, Blue Termite, Spring Dragon, Metel, Adwind, Lazarus, Lurk
25% of all the APTs
found by KL in 2016
were targeting
industrial companies
OUR DAY-TO-DAY RESEARCH
We discover more targeted attacks and APTs than the rest of the industry
>100 private reports delivered in 2016
ICS VULNERABILITIES
OT vs IT
SCADA vs OS vs OTHER IT VULNERABILITIES
STUXNET:
• CVE-2010-2729, MS10-061 (Print Spooler, RCE, privilege escalation)
• CVE-2010-2568, MS10-046 (LNK vulnerability, RCE)
• MS08-067 (RPC in network folders)
• MS10-073 (win32k.sys privilege escalation)
ENERGETIC BEAR:
• CVE-2011-0611 (Adobe Flash exploit)
• CVE-2013-2465, CVE-2013-1347, CVE-2012-1723 (Java 6/7, IE 7/8, watering hole on web sites)
WANNACRY / EXPETR:
• CVE-2017-0144, MS17-010 (SMB v1)
BLACKENERGY2:
• CVE-2014-4114, MS14-060 (Windows OLE RCE exploit)
• CVE-2014-0751 (GE CIMPLICITY, directory traversal vulnerability)
KL ICS CERT VULNERABILITY RESEARCH
100+ 0-days discovered by KL ICS CERT and reported to ICS vendors
KASPERSKY ICS CERT
OT vs IT
ICS VULNERABILITY PATCH TRACKING/ANALYSIS
% of vulnerable ICS according to KSN statistics (EXAMPLE)
STATISTIC
ICS THREAT STATISTICS
% ICS attacked: Germany compared to European region (2017 H1 vs. H2)
ICS THREAT STATISTICS
Sources of infection: Germany compared to Ukraine (2017 H1 vs. H2)
ICS THREAT STATISTICS
Sources of infection: Internet
ICS THREAT STATISTICS
Sources of infection: email clients
ICS THREAT STATISTICS
Sources of infection: removable media
ICS THREAT STATISTICS
Sources of infection: removable media
KASPERSKY ICS CERT
INDUSTRIES UNDER ATTACK IN 2017 – WORLD-WIDE
% of ICS computers attacked according to KSN statistics
TARGETED ATTACK ANALYSIS
targeted phishing attack
KASPERSKY ICS CERT
TARGETED ATTACK ANALYSIS
Infected supply chain
KASPERSKY ICS CERT
TARGETED ATTACK ANALYSIS
Business Email Compromise Attack (5 scenarios)
UAE company’s corporate
email database…
…for $99
KASPERSKY ICS CERT
OT vs IT
BUSINESS EMAIL COMPROMISE
INFECTION
INSPECTION
TRANSACTION HIJACK
MONEY TRANSFER
TARGETED ATTACK ANALYSIS
Finance? … but (probably) not only...
KASPERSKY ICS CERT
ICS THREAT DISCOVERY
ICS targeted spear phishing campaign: affected industries
KASPERSKY ICS CERT
HONEYPOTS
CYBER-PHYSICAL ATTACK VECTORS: ENERGY
§ Equipment and configuration equal to
the real-world substation
§ Cyber security settings hardened
§ 4 security expert teams competing in
CTF competition
§ Goal: to demonstrate ways to cause damage
in the physical world.
WHEN : OCTOBER 2015
WHERE: MOSCOW
TARGET: Penetration testing 500kV
substation model:
Kaspersky Lab Study 2015: Digital Substation
§ Multiple IEC 61850 (MMS/GOOSE) and
SIEMENS DIGSI architecture and
implementation vulnerabilities exploited
§ Circuit protection logic turned off, terminal
firmware changed, three 0-days found
§ 2 out of 8 terminals damaged (bricked)
§ Multiple unauthorized power cell
operations
PHYSICAL: FIRST SHORT CIRCUIT IN 3 HOURS, 2 TERMINALS
BRICKED
Identified attack vectors against RTUs
and protection terminals:
CYBER-PHYSICAL ATTACK VECTORS: ENERGY
Kaspersky Lab Study 2015: Digital Substation
CYBER-PHYSICAL ATTACK VECTORS: ENERGY
Kaspersky Lab Study 2016: Micro Grid
Infrastructures:
• Hydro Power Plant
• High Voltage Substation 110 kV
• Distribution Substation 10kV
• Solar Power Station
• Other equipment
Hardware:
• RuggedCom & Hirschmann
• S7-1500, Siprotec 4
• PLC modem, NTP, Wi-Fi, etc.
CYBER-PHYSICAL ATTACK VECTORS: ENERGY
Kaspersky Lab Study 2016: Micro Grid
CYBER-PHYSICAL ATTACK ANATOMY
Attack steps to gain control over terminal facilities to destroy equipment and/or break the process.
• Get access to industrial network (0.5-48 hours)
• Reconnaissance (1-4 hours)
• Get access to SCADA and PLC + get the password (0.5-6 hours)
• Create modified PLC programs (1-24 hours)
• Deliver modified logic to target PLCs (0.5-2 hours)
• Emergency alarm – INCIDENT
OBJECT: gasoil discharge
terminal
TARGET: get access to ICS
network, get control over the
process, find the ways to break
the process / do physical
damage.
Cyber sabotage scenario modeling / analysis
AWARENESS
EDUCATION
COLLABORATION
SECURITY AWARENESS & TRAINING SERVICES
Network zones, field level to Internet: PLC, Fieldbus, Control Network, SCADA/DCS Network, Plant DMZ Network, Office Network, Internet
Infection vectors shown on the diagram:
• Infected USB keys
• Infected PLC logic
• Infected laptops
• Insecure wireless
• Bad access rules
• Insecure remote support
• Insecure Internet connection
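The zone layering on this slide can be turned into a mechanical check of firewall or ACL rules, flagging the "bad access rules", "insecure remote support" and "insecure Internet connection" vectors the diagram names. This is an added example written for this page, not code from the deck or from Kaspersky; the zone ordering, the rule format, the service names and the sample rule set are assumptions.

```python
"""Zone-crossing audit for the segmentation model on the slide.

Zones are ordered from the field level up to the Internet. A conduit is
accepted only if it links adjacent zones (Purdue-style layering); rules
that skip a zone, that let the Internet or the Office network reach
SCADA/DCS or Control directly, or that carry remote-support protocols past
the plant DMZ are reported as findings.
Example code for this page, not part of the original deck.
"""
from __future__ import annotations

from dataclasses import dataclass

# Zone order taken from the slide; the numeric levels are an assumption.
ZONES = [
    "Fieldbus",
    "Control Network",
    "SCADA/DCS Network",
    "Plant DMZ Network",
    "Office Network",
    "Internet",
]
LEVEL = {name: i for i, name in enumerate(ZONES)}
DMZ = LEVEL["Plant DMZ Network"]

# Hypothetical service names for interactive remote-support protocols.
REMOTE_SUPPORT = {"rdp", "vnc", "teamviewer"}


@dataclass(frozen=True)
class Rule:
    src: str      # source zone (connection initiator)
    dst: str      # destination zone
    service: str  # e.g. "opc", "rdp", "https"
    comment: str = ""


def check_rule(rule: Rule) -> list[str]:
    """Return the findings for one rule; an empty list means the rule is acceptable."""
    findings: list[str] = []
    s, d = LEVEL[rule.src], LEVEL[rule.dst]
    # 1. A conduit that skips a zone bypasses the DMZ layering.
    if abs(s - d) > 1:
        findings.append(f"skips {abs(s - d) - 1} zone(s): {rule.src} -> {rule.dst}")
    # 2. Internet-initiated traffic must stop at the plant DMZ.
    if rule.src == "Internet" and d < DMZ:
        findings.append(f"Internet-initiated traffic into {rule.dst}")
    # 3. Remote support from above the DMZ must land on a DMZ jump host,
    #    never directly on SCADA, HMI or PLC networks.
    if rule.service in REMOTE_SUPPORT and s > DMZ and d < DMZ:
        findings.append(f"remote-support protocol {rule.service} straight into {rule.dst}")
    # 4. Connections into the Control Network or Fieldbus should only be
    #    initiated from the SCADA/DCS level, not from office or Internet zones.
    if d <= LEVEL["Control Network"] and s > LEVEL["SCADA/DCS Network"]:
        findings.append(f"{rule.src} may reach control equipment in {rule.dst}")
    return findings


def audit(rules: list[Rule]) -> dict[Rule, list[str]]:
    """Run check_rule over a rule set and return only the offending rules."""
    return {r: f for r in rules if (f := check_rule(r))}


# Constructed sample rule set; not taken from any real site.
SAMPLE_RULES = [
    Rule("SCADA/DCS Network", "Plant DMZ Network", "https", "historian replication"),
    Rule("Office Network", "Plant DMZ Network", "https", "read-only dashboards"),
    Rule("Plant DMZ Network", "SCADA/DCS Network", "rdp", "jump host to HMI"),
    Rule("Office Network", "SCADA/DCS Network", "rdp", "engineer convenience"),
    Rule("Internet", "SCADA/DCS Network", "teamviewer", "vendor remote support"),
    Rule("Office Network", "Control Network", "s7comm", "PLC programming from desk"),
]

if __name__ == "__main__":
    for rule, findings in audit(SAMPLE_RULES).items():
        print(f"{rule.src} -> {rule.dst} [{rule.service}] ({rule.comment})")
        for finding in findings:
            print("   -", finding)
```

The first three sample rules pass (adjacent zones, remote support terminating on the DMZ jump host); the last three are reported with the specific layering violation each one introduces.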
MIT THINK SECURITY
Industrial Cyber Security workshop 2016
OT vs IT
BERKELEY
Industrial Cyber Security workshop Oct 2017
ICS GOVERNANCE ANALYSIS 2016
CIP cybersecurity governance maturity for the countries around the globe
COLLABORATION:
INDUSTRIAL AUTOMATION VENDORS
COOPERATION WITH RECOGNIZED INDUSTRY DRIVERS
ics-cert.kaspersky.com
Kaspersky Lab
ICS CERT
ics-cert.kaspersky.com
www.kaspersky.com

Industrial Threats Landscape, H2'2017

  • 1. Kirill Kruglov, Critical Infrastructure Threat Analysis, Kaspersky Lab ICS CERT INDUSTRIAL CONTROL SYSTEMS CYBER THREAT LANDSCAPE
  • 2. THE NATURE OF THE THREAT KICS is a portfolio of technologies and services designed to secure Industrial Control System environments Launched at the end of 2015 More than 15 customers globally since launch 4 official references KL ICS Cyber Emergency Response Team is a special non-commercial project that offers a wide range of information and research services Officially launched at the end of 2016 OUR INDUSTRIAL CYBERSECURITY ACTIVITIES IN A NUTSHELL Regularly contributes to Industrial cybersecurity, e.g. helping prepare IIFS v 1.0 Found more than 100 ICS vulnerabilities Raising awareness through hackathons, CTF, Workshops and demos worldwide
  • 4. CRASHOVERRIDE what if turn it on and off?
  • 5. CYBER-PHYSICAL ATTACKS: ENERGY WHEN: DECEMBER 2016 WHERE: UKRAINE, KIEV DIGITAL SUBSTATION «NOTHERN». PHYSICAL: POWER OUTAGE FOR 1HOR 15 MIN History repeating: CRASHOVERRIDE CYBER: (possibly?) CRASHOVERRIDE / Industroyer malware platform, plugins for IEC 101/104, 61850 and OPC, second (after STUXNET) case of malware designed to target physical systems
  • 6. CYBER-PHYSICAL ATTACKS: ENERGY WHEN: DECEMBER 2015 WHERE: UKRAINE PHYSICAL: power cell switches operated, remote control disabled for operators, power outage on 7 110kV and 23 35 kV substations. FINANCIAL: POWER OUTAGE IN 5 REGIONS FOR 6 HOURS BlackEnergy 2.0 CYBER: BlackEnergy 2.0 as the door opener, the rest of the attack performed manually.
  • 7. , CYBER-PHYSICAL ATTACKS: OIL & GAS, SHAMOON WHEN: DECEMBER 2012 WHERE: SAUDI ARABIA, SAUDI ARAMCO, 35000 COMPUTERS WIPED OUT, 50 000 HDDS WHERE REPLACED PHYSICAL: 17 DAYS OF DELAYED PRODUCT DELIVERY History repeating
  • 8. CYBER-PHYSICAL ATTACKS: OIL & GAS, SHAMOON 2.0 / STONEDRILL. WHEN: NOV 2016 – JAN 2017. WHERE: SAUDI ARABIA, MIDDLE EAST, EUROPE; MANUFACTURING AND OIL & GAS; CONNECTED TO NEWSBEEF, PROBABLY IRAN. DAMAGE: ??? STILL TO BE CALCULATED. History repeating.
  • 9. RANSOMWARE ATTACKS: UTILITY. Michigan, USA, 2016. CYBER ATTACK: • Phishing attack to deliver ransomware • Mail delivery and finance operations affected • Phone lines not working, including the technical support line • Customers stopped from getting their bills. DIRECT LOSSES: • $25K ransom • $2.4M for extra cyber security.
  • 10. RANSOMWARE ATTACKS: WannaCry in ICS? 12-15 May 2017, more than 150 countries. COMPANIES REPORTED: • Renault, France • Gas Natural, Spain • NHS, UK • Computers in police units in India • Enterprises in Mumbai, Hyderabad, Bengaluru, Chennai • Schools, universities • Railways? • Etc.
  • 11. RANSOMWARE ATTACKS: WannaCry in ICS? ICS machines affected the most according to KSN statistics
  • 12. OT vs IT: RANSOMWARE ATTACKS: WannaCry in ICS – incident response. DoS effects inside ICS networks.
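On a flat ICS network the WannaCry SMB sweep is itself the denial-of-service: the engineering workstation that gets infected starts hammering every neighbour on TCP/445, and controllers and HMIs that cannot be patched still have to absorb the traffic. Since patching is rarely an option inside the control network, the practical response is to spot the sweep early from flow records. This is an added example, not code from the slides or from Kaspersky Lab; the host addresses and flow records are constructed, and the threshold and window are assumptions to be tuned per site.

```python
"""Added example (not from the slides): detect WannaCry-style SMB sweeps
inside an ICS network from flow records. Addresses and flows are constructed."""
from collections import defaultdict, deque
from typing import Dict, List, Tuple

Flow = Tuple[int, str, str, int]   # (unix timestamp, src, dst, dport)


def constructed_flows() -> List[Flow]:
    """Sample flow log, constructed for the example, in time order."""
    rows: List[Flow] = []
    # Legitimate: a backup host talks to three file servers over a minute.
    for i, dst in enumerate(["10.20.1.10", "10.20.1.11", "10.20.1.12"]):
        rows.append((1494601200 + 20 * i, "10.20.1.2", dst, 445))
    # Worm-like: one engineering workstation touches 40 hosts on 445 in ~10 s.
    for i in range(1, 41):
        rows.append((1494601300 + i // 4, "10.20.5.11", f"10.20.5.{20 + i}", 445))
    # Unrelated traffic on another port, ignored by the detector.
    rows.append((1494601310, "10.20.5.11", "10.20.9.1", 80))
    return rows


def detect_smb_fanout(flows: List[Flow], threshold: int = 10,
                      window: int = 60) -> Dict[str, Tuple[int, int]]:
    """Return {src: (timestamp of first alert, distinct targets)} for every
    source that reaches at least `threshold` distinct hosts on TCP/445 within
    `window` seconds. A legitimate file-share client talks to a handful of
    servers; a worm walks the subnet. Flows must be supplied in time order."""
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    alerts: Dict[str, Tuple[int, int]] = {}
    for ts, src, dst, dport in flows:
        if dport != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold and src not in alerts:
            alerts[src] = (ts, distinct)
    return alerts


if __name__ == "__main__":
    for src, (ts, n) in detect_smb_fanout(constructed_flows()).items():
        print(f"ALERT {src}: {n} distinct SMB targets by t={ts}")
```

Feeding this from the switch's NetFlow/sFlow export means the detection works even on segments where no host can run an agent; the alert is also the trigger to isolate the source port before the sweep reaches the PLC VLAN.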
  • 13. RANSOMWARE ATTACKS: MOST POPULAR RANSOMWARE IN ICS % of ICS computers attacked by ransomware according to KSN attack statistics
  • 15. THE NATURE OF THE THREAT – OUR DAY-TO-DAY RESEARCH: 310 000 new threats per day; we discover and prevent > 300 000 new threats a day. Breakdown: 90% traditional cybercrime; 9.9% targeted attacks / advanced persistent threats (targeted threats to organizations); 0.1% cyber-weapons.
  • 16. OUR DAY-TO-DAY RESEARCH: We discover and dissect the world's most sophisticated threats. Timeline 2010-2016: Stuxnet, Duqu, Flame, Gauss, miniFlame, RedOctober, Icefog, Winnti, NetTraveler, Miniduke, Kimsuky, TeamSpy, Epic Turla, Energetic Bear / Crouching Yeti, CosmicDuke, Darkhotel, Careto / The Mask, Regin, Sofacy, Carbanak, Desert Falcons, Equation, Naikon, Hellsing, Duqu 2.0, Animal Farm, MsnMM Campaigns, Satellite Turla, Wild Neutron, Blue Termite, Spring Dragon, Metel, Adwind, Lazarus, Lurk.
  • 17. 25% of all the APTs found by KL in 2016 were targeting industrial companies OUR DAY-TO-DAY RESEARCH We discover more targeted attacks and APTs than the rest of the industry >100 private reports delivered in 2016
  • 19. OT vs IT: SCADA vs OS vs OTHER IT VULNERABILITIES (exploits used by the main ICS-relevant campaigns)
    STUXNET:
    • CVE-2010-2729, MS10-061 (Print Spooler, RCE / privilege escalation)
    • CVE-2010-2568, MS10-046 (LNK vulnerability, RCE)
    • MS08-067 (Server service RPC, spreading over network shares)
    • MS10-073 (win32k.sys privilege escalation)
    ENERGETIC BEAR:
    • CVE-2011-0611 (Adobe Flash exploit)
    • CVE-2013-2465, CVE-2013-1347, CVE-2012-1723 (Java 6/7, IE 7/8; watering hole on web sites)
    WANNACRY / EXPETR:
    • CVE-2017-0144, MS17-010 (SMB v1)
    BLACKENERGY2:
    • CVE-2014-4114, MS14-060 (Windows OLE RCE exploit)
    • CVE-2014-0751 (GE Proficy CIMPLICITY, directory traversal vulnerability)
  • 20. KL ICS CERT VULNERABILITY RESEARCH 100+ 0-days discovered by KL ICS CERT and reported to ICS vendors KASPERSKY ICS CERT
  • 21. OT vs IT ICS VULNERABILITY PATCH TRACKING/ANALYSIS % of vulnerable ICS according to KSN statistics (EXAMPLE)
  • 23. ICS THREAT STATISTICS % ICS attacked: Germany compared to European region (2017 H1 vs. H2)
  • 24. ICS THREAT STATISTICS Sources of infection: Germany compared to Ukraine (2017 H1 vs. H2)
  • 25. ICS THREAT STATISTICS Sources of infection: Internet
  • 26. ICS THREAT STATISTICS Sources of infection: email clients
  • 27. ICS THREAT STATISTICS Sources of infection: removable media
  • 28. ICS THREAT STATISTICS Sources of infection: removable media
  • 29. KASPERSKY ICS CERT: INDUSTRIES UNDER ATTACK IN 2017 – WORLD-WIDE. % of ICS computers attacked according to KSN statistics.
  • 30. TARGETED ATTACK ANALYSIS: targeted phishing attack. KASPERSKY ICS CERT
  • 31. TARGETED ATTACK ANALYSIS: infected supply chain. KASPERSKY ICS CERT
  • 32. TARGETED ATTACK ANALYSIS: Business Email Compromise attack (5 scenarios). UAE company's corporate email database… …for $99. KASPERSKY ICS CERT
  • 33. OT vs IT: BUSINESS EMAIL COMPROMISE. Attack chain: Infection → Inspection → Transaction hijack → Money transfer.
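The transaction-hijack step is where the attacker finally has to send mail of their own, and that mail almost always carries the same tells: a sender domain one character off the real one, a Reply-To that diverts the thread, and wording about changed bank details. The following is an added example, not code from the slides or from Kaspersky Lab, that checks those three things on raw messages. The trusted domain (example-energy.com), the two messages and the keyword list are constructed.

```python
"""Added example (not from the slides): header and wording checks for the
BEC transaction-hijack step. Domain, messages and keyword list are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from typing import List

TRUSTED_DOMAIN = "example-energy.com"   # assumed: the organisation's own domain
PAYMENT_WORDS = re.compile(r"\b(new bank|updated bank|account details|wire|urgent)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; lookalike domains are usually within 1-2 edits."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Domain part of the address in a From/Reply-To header, lower-cased."""
    addr = parseaddr(header_value)[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(raw: str) -> List[str]:
    """Return a list of findings for one RFC 822 message (empty if clean)."""
    msg = message_from_string(raw)
    findings: List[str] = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    # 1. Sender domain that imitates ours (examp1e vs example).
    if from_dom and from_dom != TRUSTED_DOMAIN and edit_distance(from_dom, TRUSTED_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain {from_dom}")
    # 2. Replies silently diverted to a different domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # 3. Payment-change wording in subject or body.
    body = msg.get_payload(decode=True) or b""
    text = msg.get("Subject", "") + "\n" + body.decode("utf-8", "replace")
    if PAYMENT_WORDS.search(text):
        findings.append("payment-change wording in subject/body")
    return findings


# Constructed messages.
SUSPECT = """From: "CFO" <cfo@examp1e-energy.com>
Reply-To: cfo.office@bec-relay.invalid
To: accounts@example-energy.com
Subject: Updated bank details for invoice 4471

Please wire the outstanding amount to the new bank account below today.
"""

BENIGN = """From: maintenance@example-energy.com
To: accounts@example-energy.com
Subject: Spare parts order confirmation

The pump seals arrived and have been booked into stock.
"""

if __name__ == "__main__":
    for name, raw in [("SUSPECT", SUSPECT), ("BENIGN", BENIGN)]:
        print(name, check_message(raw) or "clean")
```

None of the three checks is conclusive on its own (legitimate mail sometimes sets a Reply-To, and suppliers do change bank accounts), which is why the function returns all findings rather than a verdict: the combination of a lookalike domain and a diverted reply path is what should stop a payment until it is confirmed out of band.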
  • 34. TARGETED ATTACK ANALYSIS: Finance? … but (probably) not only... KASPERSKY ICS CERT
  • 35. ICS THREAT DISCOVERY: ICS-targeted spear phishing campaign: affected industries. KASPERSKY ICS CERT
  • 37. CYBER-PHYSICAL ATTACK VECTORS: ENERGY. Kaspersky Lab Study 2015: Digital Substation. WHEN: OCTOBER 2015. WHERE: MOSCOW. TARGET: penetration testing of a 500 kV substation model. § Equipment and configuration equal to the real-world substation § Cyber security settings hardened § 4 security expert teams competing in a CTF competition § Goal: to demonstrate ways to cause damage in the physical world.
  • 38. § Multiple IEC 61850 (MMS/GOOSE) and SIEMENS DIGSI architecture and implementation vulnerabilities exploited § Circuit protection logic turned off, terminal firmware changed, three 0-days found § 2 out of 8 terminals damaged (bricked) § Multiple unauthorized power cell operations PHYSICAL: FIRST SHORT CIRCUIT IN 3 HOURS, 2 TERMINALS BRICKED Identified attack vectors against RTUs and protection terminals: CYBER-PHYSICAL ATTACK VECTORS: ENERGY Kaspersky Lab Study 2015: Digital Substation
  • 39. CYBER-PHYSICAL ATTACK VECTORS: ENERGY. Kaspersky Lab Study 2016: Micro Grid. Infrastructures: • Hydro Power Plant • High Voltage Substation 110 kV • Distribution Substation 10 kV • Solar Power Station • Other equipment. Hardware: • RuggedCom & Hirschmann • S7-1500, Siprotec 4 • PLC modem, NTP, Wi-Fi, etc.
  • 40. CYBER-PHYSICAL ATTACK VECTORS: ENERGY Kaspersky Lab Study 2016: Micro Grid
  • 41. CYBER-PHYSICAL ATTACK ANATOMY: cyber sabotage scenario modeling / analysis. INCIDENT OBJECT: gasoil discharge terminal. TARGET: get access to the ICS network, get control over the process, find ways to break the process / do physical damage. Attack steps to gain control over terminal facilities and destroy equipment and/or break the process (time per step): Get access to the industrial network (0.5-48 hours) → Reconnaissance (1-4 hours) → Get access to SCADA and PLC + get the password (0.5-6 hours) → Create modified PLC programs (1-24 hours) → Deliver modified logic to target PLCs (0.5-2 hours) → Emergency alarm.
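The last two steps of that chain, modified PLC programs delivered to the target controllers, leave a footprint that the earlier steps do not: the logic running on the PLC no longer matches what engineering signed off. A periodic upload-and-compare against a golden baseline catches it regardless of how the attacker got in. The following is an added example, not code from the slides or from Kaspersky Lab; the block names (OB1, FB10, DB5, FC99) and their contents are constructed stand-ins for what an engineering tool would upload from a controller.

```python
"""Added example (not from the slides): baseline-and-compare check for PLC
program blocks. Block names and contents are constructed stand-ins."""
import hashlib
import json
from typing import Dict, List


def block_digests(blocks: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 per block, keyed by block name. Hash the compiled block
    content, not the project's modification timestamps: an attacker who can
    download logic can also set whatever timestamp the tool displays."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in blocks.items()}


def make_baseline(blocks: Dict[str, bytes]) -> str:
    """Serialise the golden digests so they can be stored off the PLC and
    off the engineering workstation (both are in the attacker's path)."""
    return json.dumps(block_digests(blocks), sort_keys=True)


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two digest maps into added / removed / modified block names."""
    base_names, cur_names = set(baseline), set(current)
    return {
        "added": sorted(cur_names - base_names),
        "removed": sorted(base_names - cur_names),
        "modified": sorted(n for n in base_names & cur_names if baseline[n] != current[n]),
    }


def audit(baseline_json: str, current_blocks: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare a stored baseline with a fresh upload from the controller."""
    return compare(json.loads(baseline_json), block_digests(current_blocks))


# Constructed golden program as signed off by engineering.
GOLDEN = {
    "OB1":  bytes.fromhex("7001000a0c0e7000"),   # main cyclic block
    "FB10": bytes.fromhex("7001001c4b2a3f11"),   # pump control
    "DB5":  bytes.fromhex("1000ff00aa55aa55"),   # setpoints
}

# Constructed upload after a logic-modification attack: OB1 patched,
# a new FC99 dropped in, DB5 (the setpoints) deleted.
TAMPERED = dict(GOLDEN)
TAMPERED["OB1"] = GOLDEN["OB1"] + bytes.fromhex("7e00")
TAMPERED["FC99"] = bytes.fromhex("7001ffff")
del TAMPERED["DB5"]

if __name__ == "__main__":
    baseline = make_baseline(GOLDEN)
    print("clean upload:", audit(baseline, GOLDEN))
    print("tampered upload:", audit(baseline, TAMPERED))
```

The comparison is only as good as the upload: it must come from the controller itself, not from the project file on the engineering workstation, which is exactly the machine step 3 of the chain compromises. Any non-empty diff outside a documented change window is the signal to pull the emergency-alarm step forward.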
  • 43. SECURITY AWARENESS & TRAINING SERVICES: typical plant network diagram (Internet / Office Network / Plant DMZ Network / SCADA/DCS Network / Control Network / PLC Fieldbus, with SCADA servers and PLCs) annotated with the usual entry points: infected USB keys, infected PLC logic, infected laptops, insecure wireless, bad access rules, insecure remote support, insecure Internet connection.
  • 44. MIT THINK SECURITY Industrial Cyber Security workshop 2016
  • 45. OT vs IT: BERKELEY Industrial Cyber Security workshop, Oct 2017
  • 46. ICS GOVERNANCE ANALYSIS 2016: CIP cybersecurity governance maturity for countries around the globe
  • 48. COOPERATION WITH RECOGNIZED INDUSTRY DRIVERS