1. InfoconDB
  2. Black Hat
  3. Black Hat USA 2013
  4. The SCADA That Didn't Cry Wolf - Who's Really Attacking Your ICS Devices - Part Deux!

The SCADA That Didn't Cry Wolf - Who's Really Attacking Your ICS Devices - Part Deux!

Presented at Black Hat USA 2013, Aug. 1, 2013, 10:15 a.m. (60 minutes)

These attackers had a plan, they acted upon their plan, and they were successful. In my first presentation, given at Black Hat EU in 2013, I covered a robust ICS honeynet that I developed, and who was really attacking them. In this talk, I cover many of the same concepts, but I go several steps further- profiling the attackers that exploited my ICS honeynet.

This talk will profile, provide intelligence, and list actors that attacked my ICS honeypot environment. This talk will also feature a demo of the attackers in progress, exfiltrating perceived sensitive data. In addition, I will discuss in greater detail how I geo-located these individuals, and tracked their movements, operations, and attacks.

Some of the findings are truly surprising and substantial, and my not be what you think they are. This talk will release brand new statistics and attack details seen nowhere else in the ICS community.


Presenters:

  • Kyle Wilhoit - Trend Micro
    Kyle Wilhoit is a Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the internet. Kyle also actively tracks targeted malware based espionage worldwide. Prior to joining Trend Micro, he was the lead incident handler and reverse engineer at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a tier 1 internet service provider as a threat analyst and incident response specialist. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be.

Links:

Similar Presentations: