
Incubation of ICS Malware (English)

Dale Peterson and Corey Thuen pinch-hit for Kyle Wilhoit to present his concept of malware incubation: creating a realistic environment in which malware can be grown so that it can be studied and help with incident response.


  1. SCADA Honeypots
     • A device or system (Honeynet) that is on a live network, but has no operational purpose
       – Different levels of interaction / realism
       – How long will it fool an attacker
  2. Detect Attacks
     • Nothing should access the Honeypot since it has no legitimate purpose
     • Any traffic is either an attack or spurious traffic
     • Debate on the value of Honeypots in detecting attacks
       – Many say there are better, more efficient solutions
       – IDS and other network monitoring
  3. Learn How Attackers Work
     • Real value of the Honeypot
     • High interaction may lead to attacker revealing advanced techniques, end goals, other info
     • Decision … how exposed is the Honeypot?
       – Widely exposed (on Internet) many will hit the Honeypot and lots of data to review
       – Hidden on secure network, may see little activity
  4. Analysis is Important
  5. Incubator
  6. Why An Incubator?
     • Be prepared to analyze malware / attacks
     • Identify what the attack did so you can fix the affected systems
     • Learn what information or control was lost
     • Attempt to identify the attacker
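
The "Detect Attacks" slide rests on one rule: the Honeypot has no legitimate purpose, so every flow that reaches it is either an attack or spurious traffic. The sketch below is an added example, not code from the presentation. It applies that rule to flow records and sorts sources into "spurious" and "review". The log format, the addresses, and the payload/port heuristic are all assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample flow records: time, source, destination, dest port, payload bytes.
SAMPLE_FLOWS = """\
2024-01-01T00:00:01Z 10.0.5.20 10.0.9.10 502 0
2024-01-01T00:00:02Z 10.0.5.20 10.0.9.10 502 212
2024-01-01T00:00:03Z 10.0.5.20 10.0.9.10 80 640
2024-01-01T00:00:04Z 10.0.5.31 10.0.9.10 137 0
2024-01-01T00:00:05Z 10.0.5.44 10.0.7.2 502 96
not a flow record
"""

HONEYPOTS = {ip_address("10.0.9.10")}  # assumed honeypot address


def triage(flow_text, honeypots=HONEYPOTS):
    """Group every flow that touches a honeypot by source address."""
    per_source = defaultdict(lambda: {"flows": 0, "ports": set(), "payload": 0})
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than failing the whole run
        _, src, dst, port, size = fields
        try:
            ip_address(src)
            dst_ip, port, size = ip_address(dst), int(port), int(size)
        except ValueError:
            continue
        if dst_ip not in honeypots:
            continue  # traffic to operational systems is out of scope here
        entry = per_source[src]
        entry["flows"] += 1
        entry["ports"].add(port)
        entry["payload"] += size
    report = {}
    for src, e in per_source.items():
        # Heuristic (assumption): no payload on a single port looks like stray or
        # scanning traffic; anything that exchanged data goes to an analyst.
        label = "review" if e["payload"] > 0 or len(e["ports"]) > 1 else "spurious"
        report[src] = {"flows": e["flows"], "ports": sorted(e["ports"]),
                       "payload": e["payload"], "label": label}
    return report


if __name__ == "__main__":
    for src, summary in sorted(triage(SAMPLE_FLOWS).items()):
        print(src, summary)
```

Because the rule needs no signatures, the only tuning is how much of the "spurious" bucket an analyst still wants to see, which is the exposure trade-off raised on the "Learn How Attackers Work" slide.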