The Sum of All Fears - When ICS - SCADA Are Compromised

Explore the critical cybersecurity issues surrounding Industrial Control Systems (ICS) and SCADA in this comprehensive conference talk from HITB CyberWeek. Delve into the background of ICS/SCADA, examining potential security threats and attack vectors. Witness a live demonstration of hacking an LC using industrial communication protocols and PLC services. Learn how to develop Lua plugins for Wireshark and create exploit code from a hacker's perspective. Discover effective protection strategies to secure ICS/SCADA environments after understanding common attack methods. Gain insights from real-world cyber incidents, including the 2015 Ukraine Power Grid attack, 2017 Triton/Trisis Malware attack, and 2018 Taiwan Semiconductor Factory Malware attack. Explore ICS vulnerabilities, threat hunting techniques using PLC honeypots, and the presence of ICS protocols on Shodan. Examine various attack vectors, including communication protocol attacks and command injections, while learning about fortification strategies for OT cyber defense using a defense-in-depth approach.

Intro
Outline
What is Industrial Control System, ICS?
Purdue Enterprise Reference Architecture, PERA
Common ICS Architecture
ICS Operation
Programmable Logic Controller, PLC
Human Machine Interface. HMI
2015 Ukraine Power Grid Cyber Attack
2017 Triton/Trisis Malware Attack
2018 Taiwan Semiconductor Factory Malware Attack
The ICS Vulnerabilities from NVD
Threat Hunting with PLC Honeypot
ICS Protocols in Shodan
ICS Attack Vectors(1/2)
Communication Protocol Attack
Hacking Path
Remote Stop PLC with M Protocol
Command Injection
Common Flaws in ICS Protocols
Exploit FTP Service-Upload malicious plc program file to
Fortification for OT Cyber Defense: Defense in Depth