CyberX becomes first ICS security vendor to demonstrate live exploit at famed Black Hat conference
BOSTON, Dec. 1, 2017 /PRNewswire/ — CyberX, provider of the most widely-deployed industrial cybersecurity platform for continuously reducing industrial control system (ICS) risk, today announced that its groundbreaking ICS security research will be featured at Black Hat Europe 2017 in London (December 4-7, 2017).
At this world-renowned conference, CyberX security researchers will demonstrate a stealthy hack that once again shatters the myth of the air-gapped ICS network. By injecting specially-crafted ladder logic code into Programmable Logic Controllers (PLCs), the hack generates encoded radio signals that can then be received by ordinary AM radios in order to exfiltrate sensitive data from air-gapped networks. This crafty technique could be used to exfiltrate corporate trade secrets such as proprietary formulas, military secrets such as nuclear blueprints, and reconnaissance data for use in future destructive attacks such as details about ICS network topologies and device configurations.
During their talk entitled “Exfiltrating Reconnaissance Data from Air-Gapped ICS/SCADA Networks,” CyberX VP of Research David Atch and security researcher George Lashenko will explain why using PLCs to perform data exfiltration is superior to using PC-based systems such as SCADA workstations. Because PLCs run embedded real-time operating systems and have limited CPU and memory resources, they don’t run anti-malware programs that could be used to detect malicious code. In addition, malicious PLC code remains persistent during both warm and cold resets, including when updates are made to the PLC project.
With this presentation, CyberX becomes the first ICS security vendor to demonstrate a live ICS/SCADA security exploit at Black Hat. CyberX was also the first ICS security vendor to establish its own in-house security research and threat intelligence team, which is composed of military cyber experts with nation-state experience defending critical national infrastructure.
“Organizations often have a false sense of security if their networks are air-gapped, or isolated from the Internet,” said David Atch, VP of Research for CyberX. “This exploit demonstrates that even truly air-gapped networks are vulnerable to targeted attacks by determined adversaries. It’s also important to note that the exploit doesn’t rely on any security vulnerabilities or design flaws in the PLC itself, but rather, exploits inherent ‘insecure by design’ aspects of most industrial protocols in use today, such as weak or no authentication. This makes it easier to upload malicious code into PLCs once the ICS network has been compromised via other common attack vectors, including via remote access credentials stolen from control engineers, infected software updates from industrial automation vendor websites, or malicious USB drives inadvertently brought into the network by compromised third-party maintenance personnel.”
According to network traffic data collected and analyzed by CyberX from 375 production ICS networks worldwide, 60 percent of industrial sites have plain-text passwords traversing their ICS networks, which can easily be sniffed by cyberattackers. Data from CyberX’s “Global ICS & IIoT Risk Report” also shows that one-third of industrial sites are actually connected to the Internet (i.e., not air-gapped).
The researchers will also describe how industrial and critical infrastructure organizations can defend against targeted ICS attacks with continuous monitoring and behavioral anomaly detection. For example, these types of multi-layered defenses would immediately detect the cyber reconnaissance phase preceding data exfiltration — such as devices scanning the network and querying devices for configuration information — as well as unauthorized updates to PLC ladder logic code.
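The detection approach described above (flagging the configuration-query sweep that precedes exfiltration, and any PLC program change that does not come from an authorized engineering station) can be illustrated with a small monitor over parsed network events. The code below is an added example for this article, not CyberX's platform or the researchers' code; the event schema, the operation names (`read_device_info`, `read_config`, `program_download`), the IP addresses, the 60-second window and the threshold of three distinct targets are all constructed assumptions standing in for whatever an ICS protocol parser would actually emit.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real captures). Each record is assumed to come
# from a protocol parser that normalizes requests into: timestamp, source host,
# destination device and an operation name.
EVENTS = [
    {"ts": "2017-12-01T09:00:01", "src": "10.0.1.5",  "dst": "10.0.2.10", "op": "read_process_data"},
    {"ts": "2017-12-01T09:00:05", "src": "10.0.1.50", "dst": "10.0.2.10", "op": "read_device_info"},
    {"ts": "2017-12-01T09:00:12", "src": "10.0.1.50", "dst": "10.0.2.11", "op": "read_device_info"},
    {"ts": "2017-12-01T09:00:20", "src": "10.0.1.50", "dst": "10.0.2.12", "op": "read_config"},
    {"ts": "2017-12-01T09:01:00", "src": "10.0.1.7",  "dst": "10.0.2.10", "op": "read_device_info"},
    {"ts": "2017-12-01T09:06:30", "src": "10.0.1.7",  "dst": "10.0.2.11", "op": "read_device_info"},
    {"ts": "2017-12-01T09:10:00", "src": "10.0.1.5",  "dst": "10.0.2.10", "op": "program_download"},
    {"ts": "2017-12-01T09:15:00", "src": "10.0.1.50", "dst": "10.0.2.11", "op": "program_download"},
]

# Assumed site policy: only this engineering workstation may change PLC logic.
AUTHORIZED_ENGINEERING_STATIONS = {"10.0.1.5"}

# Assumed tuning: a source that asks N distinct devices for configuration
# within this window is treated as a reconnaissance sweep.
RECON_WINDOW = timedelta(seconds=60)
RECON_MIN_TARGETS = 3
CONFIG_QUERY_OPS = {"read_device_info", "read_config"}
PROGRAM_CHANGE_OPS = {"program_download"}


def parse_ts(value):
    """Parse the ISO-8601 timestamp used in the constructed events."""
    return datetime.fromisoformat(value)


def detect_recon(events, window=RECON_WINDOW, min_targets=RECON_MIN_TARGETS):
    """Flag sources that query configuration from many devices in a short window.

    Events are grouped per source; for each starting event the set of distinct
    destinations reached within `window` is counted. One alert per source.
    """
    alerts = []
    by_src = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        if event["op"] in CONFIG_QUERY_OPS:
            by_src[event["src"]].append(event)

    for src, evs in by_src.items():
        for i, start in enumerate(evs):
            t0 = parse_ts(start["ts"])
            targets = {e["dst"] for e in evs[i:] if parse_ts(e["ts"]) - t0 <= window}
            if len(targets) >= min_targets:
                alerts.append({
                    "rule": "recon_config_sweep",
                    "src": src,
                    "targets": sorted(targets),
                    "start": start["ts"],
                })
                break  # one alert per source is enough for the analyst
    return alerts


def detect_unauthorized_logic_update(events, authorized=AUTHORIZED_ENGINEERING_STATIONS):
    """Flag any PLC program change whose source is not an authorized workstation."""
    return [
        {"rule": "unauthorized_plc_program_change", "src": e["src"], "dst": e["dst"], "ts": e["ts"]}
        for e in events
        if e["op"] in PROGRAM_CHANGE_OPS and e["src"] not in authorized
    ]


def run(events):
    """Run both rules and return the combined alert list (recon alerts first)."""
    return detect_recon(events) + detect_unauthorized_logic_update(events)


if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

Running the block prints two alerts: a configuration sweep by 10.0.1.50 across three PLCs within 15 seconds, and a program download to 10.0.2.11 from that same unauthorized host. The slower two-device query from 10.0.1.7 and the program download from the authorized station 10.0.1.5 produce nothing, which is the point of combining a rate-based rule with an allowlist rather than alerting on every configuration read or every logic change.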
About CyberX (Twitter: @CyberX_Labs)
CyberX provides the most widely-deployed industrial cybersecurity platform for continuously reducing ICS risk. Purpose-built for ICS security and supporting a broad range of IIoT and industrial automation manufacturers, the CyberX platform delivers continuous ICS threat monitoring and asset discovery, combining a deep understanding of industrial protocols, devices, and applications with ICS-specific behavioral analytics, threat intelligence, risk and vulnerability management, and automated threat modeling.
CyberX is the only OT security firm selected for the SINET Innovator Award sponsored by the US DHS and DoD; the only one recognized by the International Society of Automation (ISA); and the only one selected by the Israeli national consortium providing critical infrastructure protection for the Tokyo 2020 Olympics. For more information, visit CyberX-Labs.com.