Evolving a Definition of ICS Malware
Capability, Intent, and Adverse Effects
Jimmy Wylie, Distinguished Malware Analyst

Why not?
Why not?
IOT Exploit Tool and more
Easy to communicate
Easy to use
Differentiate ICS Malware

Tristation Protocol
Download/Upload Ladder Logic
0-Day Exploit
Firmware Addresses
Rootkit Installation for privileged access
Keyswitch Bypass - compromises safety
Only one known deployment causing multiple plant shutdowns
Tested successfully in the lab

ICS-Capable
Tristation Protocol
Download/Upload Ladder Logic
Firmware Addresses
Bad Consequences
0-Day Exploit
Rootkit Installation for privileged access
Keyswitch Bypass - compromises safety
Only one known deployment causing multiple plant shutdowns
Tested successfully in the

Malicious Intent makes Malware
ICS-Capable
Malicious Intent
Adverse Effects

ICS-Capable
Tristation Protocol
Download/Upload Ladder Logic
Firmware Addresses
Bad Consequences
Caused multiple site shutdowns
Rootkit installation for privileged access - safety and security compromise
Testing confirmed these abilities
Malicious Intent
Only known deployment - attack in 2017
0-day exploit for TriconexOS
Key switch Bypass - compromises safety
Rootkit suggests specific process impacts

ICS-capable
Malicious Intent
Bad Consequences

CrashOverride?
Multiple Industrial protocols
Site-specific IPs, breaker and switchgear manipulation
Disrupted Transmission substation

Bad Consequences - The Ability for Adverse Effects on OT Environments?
ICS-Capable
Malicious Intent
Adverse Effects

ICS-capable software intentionally designed for adverse effects on OT environments.
ICS Malware is
ICS-capable software intentionally designed for adverse effects on OT environments.
ICS Malware is

3 Properties:
ICS-Capable
Designed with Malicious Intent
Ability for Adverse Effects on OT environments

FrostyGoop
Verdict: ?
ICS-C