David Atch of CyberX, speaking on Stage 2: Technical Deep Dives at S4x18, talks about how they use a specialized ICS Sandbox to safely analyze ICS malware.
Knowledge Base for IIoT, ICS & SCADA Security
Your trusted source for the latest ICS vulnerability research, industrial threat intelligence, and educational information about best practices for IIoT, ICS and SCADA security.
In this educational webinar led by Doug Wylie, SANS Director of the Industrials & Infrastructure practice area and previously Director of Product Security and Risk Management at Rockwell Automation, with Phil Neray, VP of Industrial Cybersecurity at CyberX, we’ll explore the challenges behind blending IT, OT and IIoT Security in the corporate SOC.
CyberX Security Researchers Demonstrate Exfiltration of Reconnaissance Data from Air-Gapped ICS/SCADA Networks
The security research team at CyberX demonstrates a stealthy hack at Black Hat Europe 2017 that shatters the myth of the air-gapped ICS network.
Phil Neray discusses “Global ICS & IIoT Risk Report” on Dale Peterson’s Unsolicited Response Podcast
In this episode of the Unsolicited Response Podcast, host Dale Peterson talks with Phil Neray of CyberX about the Global ICS & IIoT Risk Report.
A data-driven analysis of vulnerabilities in real-world OT networks based on analyzing 375 industrial control networks via Network Traffic Analysis (NTA), across multiple industrial sectors in the US, EMEA and APAC.
SANS Webinar: NotPetya, Dragonfly 2.0 & CrashOverride: Is Now the Time for Active Cyber Defense in ICS/SCADA Networks?
In this educational SANS webinar led by Mike Assante, SANS Director of Critical Infrastructure & ICS/SCADA Security, we’ll explore:
• Limitations of basic ICS/SCADA security: Why firewalls & segmentation aren’t sufficient anymore
• NotPetya, CrashOverride & Dragonfly 2.0: Technical descriptions & how they work
• Active Cyber Defense: What is it & how can ICS/SCADA defenders implement it
Get your complimentary copy of Chapter 1 from this recently-published guide to ICS and SCADA security. Written by ICS/SCADA security experts, this educational chapter describes what’s driving IT/OT convergence and how ICS/SCADA security is different than IT security. It also covers major components, standards and terminology commonly used in industrial environments today (SCADA, DCS, PLC, HMI, NIST SP 800-82, PROFINET, etc.).
According to ICS-ALERT-14-281-01B, BlackEnergy malware targets a vulnerability (CVE-2014-0751) in HMI systems from GE CIMPLICITY, Siemens WinCC, and Advantech/Broadwin WebAccess. CyberX’s threat intelligence team reverse-engineered BlackEnergy3 and discovered it was designed to perform exfiltration of sensitive information from OT networks (especially valuable during the reconnaissance phase of the cyber kill chain). We found that BlackEnergy3 can penetrate OT networks — even when they’re theoretically isolated from IT networks by a firewall — via RPC communication using named pipes over SMB.
Join Mike Assante, SANS Director of Critical Infrastructure & ICS — described in Wired as “one of the most respected experts in the world” when it comes to cyber and power grids — as he discusses new ICS/SCADA attack vectors including:
• WannaCry & Petya ransomware
• Cyber-espionage targeting corporate IP
Download your complimentary overview of best-practice risk assessments for ICS and SCADA security, and learn how to implement an ICS-focused risk mitigation framework that’s practical and efficient. This chapter provides specific examples of ICS vulnerabilities and security policies, and describes how to identify assets, network topology, data flows, and vulnerabilities without impacting production systems.