Modern Malware Demands Modern Defense
Robert M. Lee & Tim Conway
ICS.SANS.ORG
Learning, Leading, Defending
Learning
Defending
ics-community.sans.org
Major Public ICS Incidents & Access Campaigns
[Figure: chart plotting public ICS incidents and access campaigns by ICS Impacts (Low to High) and ICS Customization (Low to High)]
ICS Impacts labels: Nuisance; Lost Productivity/Data; Lost Value; Loss of Safety, Reliability, Assets
Other labels: ICS Recon, ICS Targeting, ICS Delivery, ICS Exploits, ICS Payload; Stage One, Stage Two
Incidents and campaigns shown:
Stuxnet (all versions)
Unspecified German Facility
Havex (OPC module)
Critical Infrastructure Data Exfiltration
BlackEnergy 2 (various ICS modules)
NY Dam Intrusion
BE3
Dec 2015 Ukraine Power Outage
Dec 2016 Ukraine Power Outage
TRISIS
Defending
ICS Attacks
225k: Ukraine 2015. Three electric utilities attacked through a cyber means resulting in 225k customers out of power
200 MW: Ukraine 2016. Electric transmission substation attacked through a cyber means
SIS: Middle East Facility 2017. Safety Instrumented System, targeted and impacted
?: Combination. Safety or protection system manipulation followed by intentional control system misuse to cause equipment damage and human health and safety impact
Defending
Leading
ICS Community: Vendors, Educators, OEM, Government, Asset Owners, Integrators
Vendors, Educators, OEM, Government, Asset Owners, Integrators
Learning, Leading, Defending
Join the Community that is defending our Critical Infrastructure