Wednesday, August 9, 2017

Analysis Of The Malware Reportedly Used in the December 2016 Ukrainian Power System Attack

Senior experts of SANS ICS and E-ISAC have released a very good report:

ICS Defense Use Case No. 6:
Modular ICS Malware
August 2, 2017

This document contains a summary of information compiled from multiple publicly available sources, as well as analysis performed by the SANS Industrial Control Systems (ICS) team in relation to this event. Elements of the event provide an important learning opportunity for ICS defenders.

The sharing of this report is very much appreciated. It is very rare to get such a professional publicly available analysis about a significant and terrifying event in the control system world.

The report closes with this very important statement:

Defenders must take this opportunity to conduct operational and engineering discussions as suggested in this DUC and enhance their capabilities to gain visibility in to their ICS networks and hosts. The community must learn as much as it can from real world incidents and not delay; we expect adversaries to mature their tools and enhance them with additional capabilities.

I recommend you to study this document and get trained by the real experts - for the good of your country! Don't accept the decision of your HR ... not providing you the budget for training. Quite often HR managers believe that our systems are secure - no need for training on security, communication standards, etc.

Click HERE for the full report.

By the way, the SCADASEC blog (as a crucial platform for ICS defenders and other people) is a nice place to visit, discuss and learn issues related to the topics discussed in the paper.

No comments: