Sophisticated Market Manipulation | The Top 20 Cyber Attacks on Industrial Control Systems #9 | iSi

0:00 Welcome
0:57 Eps. 8 Recap
1:44 Attack Scenario
7:39 Sophistication
8:05 Consequences
8:38 2013 Security Posture
10:03 Unidirectional Security Gateway
11:22 The Score Card

THE INDUSTRIAL SECURITY INSTITUTE

EPS. 9 - SOPHISTICATED MARKET MANIPULATION
Sophisticated attackers carry out the market manipulation attack but in a way that is more difficult to defeat. They use known vulnerabilities in Internet-facing systems to compromise the IT network of a services company known to supply services to their real target. The attackers write their own RAT malware and deploy it only at the services company, so that antivirus tools at the services company cannot detect the RAT. The attackers use the RAT to compromise the laptops of personnel who routinely visit the real target. When the attackers detect that the compromised laptops are connected to the real target's IT network, the attackers operate the RAT by remote control and propagate the RAT into the target's IT network. Inside the target's IT network, the attackers continue to operate the RAT. Intrusion detection systems are blind to the activity of the RAT, because the attack is low-volume, using command lines rather than remote-desktop-style communications. The RAT's command-and-control communications are steganographically encoded in benign-seeming communications with compromised websites. The attack ultimately propagates to the ICS network, with the same consequences as the Market Manipulation attack.

THE TOP 20 CYBERATTACKS ON INDUSTRIAL CONTROL SYSTEMS
These Top 20 attacks have been selected to represent cyber threats to industrial sites across a wide range of circumstances, consequences and sophistication. No industrial operation is free of risk, and different industrial enterprises may legitimately have different “appetites” for certain types of risks. In this series we show how to use the Top 20 Cyberattacks to compare the strength of two security postures at a hypothetical water treatment plant: Defence in depth 2013 (software-based security) vs. that same security posture plus a unidirectional security gateway device (providing hardware-enforced security). We ask the question: does either defensive posture reliably defeat each attack? Over the course of 20 episodes we build a score card that can be used to easily communicate risk reduction benefits to business decision-makers who are not familiar with cyber-security.

ABOUT ANDREW GINTER
At Waterfall, Andrew leads a team of experts who work with the world’s most secure industrial sites. He is author of two books on industrial security, a co-author of the Industrial Internet Consortium’s Security Framework, and the co-host of the Industrial Security Podcast. Andrew spent 35 years designing SCADA system products for Hewlett Packard, IT/OT connectivity products for Agilent Technologies, and OT/ICS security products for Industrial Defender and Waterfall Security Solutions.

#IndustrialSecurity #Cybersecurity #SophisticatedMarketManipulation