THE SCADA THAT DIDN'T CRY WOLF- WHO'S REALLY ATTACKING YOUR ICS DEVICES- PART DEUX!

Black Hat USA 2013

Presented by: Kyle Wilhoit
Date: Thursday August 01, 2013
Time: 10:15 - 11:15
Location: Palace 2

These attackers had a plan, they acted upon their plan, and they were successful. In my first presentation, given at Black Hat EU in 2013, I covered a robust ICS honeynet that I developed, and who was really attacking them. In this talk, I cover many of the same concepts, but I go several steps further: profiling the attackers that exploited my ICS honeynet.

This talk will profile, provide intelligence, and list actors that attacked my ICS honeypot environment. This talk will also feature a demo of the attackers in progress, exfiltrating perceived sensitive data. In addition, I will discuss in greater detail how I geo-located these individuals, and tracked their movements, operations, and attacks.

Some of the findings are truly surprising and substantial, and may not be what you think they are. This talk will release brand new statistics and attack details seen nowhere else in the ICS community.

Kyle Wilhoit

Kyle Wilhoit is a Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the internet. Kyle also actively tracks targeted malware-based espionage worldwide. Prior to joining Trend Micro, he was the lead incident handler and reverse engineer at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a tier 1 internet service provider as a threat analyst and incident response specialist. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be.

