Analyzing and Understanding CRASHOVERRIDE - ICS Cybersecurity Webcast

Explore the analysis and reverse engineering of CRASHOVERRIDE in this 57-minute webcast recording from Dragos: ICS Cybersecurity. Delve into the known and unknown aspects of the CRASHOVERRIDE framework and its impact on grid operations. Gain insights into the background, technical details, and mitigation strategies for this cybersecurity threat. Examine the investigation timeline, Ukrainian power outage incident, and the framework's components including initial intrusion, persistence, launcher modules, and payload modules. Learn about the IEC 104 module execution flow, wiper module functionality, and potential grid impact scenarios. Discover detection methods for CRASHOVERRIDE on host systems and through Yara rules. Understand key nodes for defeating CRASHOVERRIDE and access additional resources provided by Dragos.

Intro
Background: By the numbers
Dragos Investigation
Dragos Timeline
Ukrainian Power Outage
CRASHOVERRIDE Framework
Initial Intrusion
Time Stamps Tell a Story
Persistence
Launcher Module Crash Caller
Launcher Module: Wiper Thread
Payload Modules
IEC 104 Module Execution Flow
IEC 104 Module Configuration File
Wiper Module: Flow
Wiper Module: File Extensions
Grid Scenarios: Impact
Detecting CRASHOVERRIDE - Host
Detecting CRASHOVERRIDE - Yara
Defeating CRASHOVERRIDE: Key Nodes
CRASHOVERRIDE Resources
Dragos Ecosystem