CyberX also sponsors ICS Village at RSA to raise awareness of ICS/SCADA security issues
Boston, MA – April 12, 2018 – CyberX, the IIoT and industrial control system (ICS) security company, today announced that it has been selected to present a session titled Mind the Air-Gap: Exfiltrating ICS Data via AM Radios and Hacked PLC Code, at the 2018 RSA Conference next week in San Francisco.
In the session, CyberX VP of Research, David Atch, will discuss a novel attack technique that stealthily injects rogue ladder logic code into programmable logic controllers (PLCs) without interrupting their normal operation. This approach is similar to the one used in the recently-discovered TRITON attack on a petrochemical facility in Saudi Arabia, in which attackers injected malicious code into a Triconex Safety Instrumented Controller (SIS) — with the likely goal of triggering an explosion that would cause catastrophic physical and environmental damage and potentially loss of human life.
Additionally, CyberX’s RSA session describes an innovative technique that helps shatter the myth of air-gapped ICS networks, which are theoretically isolated from corporate IT networks and the outside world. In the CyberX hack, the rogue ladder logic code has been specially crafted to generate encoded radio signals that are received by ordinary AM radios, enabling adversaries to exfiltrate sensitive IP such as proprietary formulas and recipes — or reconnaissance data about deployed ICS/SCADA devices to aid in planning future destructive attacks.
Part of the ”Hackers and Threats” track at the RSA Conference, CyberX’s RSA session will take place on Wednesday, April 18 from 9:15am PDT – 10:00am PDT (HTA-W04, Moscone South 314). After the session, David will meet attendees and conduct an interactive Q&A in the ICS Village, on Wednesday afternoon from 2:00-3:30pm PST (Marriott Marquis, Yerba Buena 8).
With this presentation, CyberX becomes the first ICS behavioral anomaly detection platform vendor to demonstrate an ICS/SCADA exploit at the RSA Conference, one of the world’s premier cybersecurity conferences. Speaking positions at the RSA Conference are highly competitive, with thousands of submissions for only a few hundred speaking positions. CyberX was also the first ICS security vendor to establish its own ICS security research and threat intelligence team, composed of data scientists and military cyber-experts with nation-state experience defending critical infrastructure.
Additionally, this year CyberX will sponsor the non-profit ICS Village, which equips industry and policymakers to better defend industrial networks through awareness, education, and training.
Further resources include a blog post by CyberX’s threat intelligence team describing their findings from reverse-engineering the TRITON malware; as well as the recording from a recent SANS webinar titled Anatomy of the TRITON ICS Cyberattack.
To meet with one of CyberX’s ICS cybersecurity experts, please send an email to [email protected] or stop by booth #S735 in the South Hall.
About David Atch
David Atch is an ICS cybersecurity expert with extensive experience in malware analysis, threat hunting, and incident response. His vulnerability research was featured in in the popular McGraw-Hill book series, “ICS Hacking Exposed,” and his team has discovered numerous zero-days in widely-used industrial devices which were validated by the ICS-CERT. In February 2016, he uncovered Operation BugDrop, a large-scale cyberespionage campaign targeting Ukrainian critical infrastructure. He also led the team that reverse-engineered BlackEnergy3 and discovered it was designed to perform data exfiltration from OT networks, as well as uncovering that KillDisk malware had evolved into ransomware. Prior to CyberX, Atch had a military career in the IDF where he led their elite team of incident responders who continuously hunted and mitigated cyber-intrusions targeting the country’s critical national infrastructure.
About CyberX (Twitter: @CyberX_Labs)
Founded by military cyber-experts with nation-state expertise defending critical infrastructure, CyberX provides the most widely-deployed platform for continuously reducing ICS and IIoT risk. CyberX’s proprietary self-learning engine delivers accurate insights about ICS assets, targeted attacks, malware, vulnerabilities, and attack vectors — in less than an hour — without relying on rules or signatures, specialized skills, or prior knowledge of the environment.
CyberX is a member of the IBM Security App Exchange Community and has partnered with premier solution providers worldwide including Optiv Security and Deutsche-Telekom/T-Systems. For more information visit CyberX-Labs.com.
Deb Montner, Principal
Montner Tech PR