Overview
Explore a comprehensive threat intelligence analysis of the Ukrainian power grid hack in this 43-minute conference talk from BSides Philly 2016. Delve into the Indicators of Compromise, the Pyramid of Pain, and the tools used in the incident. Examine the ICS Kill Chain, including the stages involving Microsoft Office documents, spearphishing, and the BlackEnergy installer with its driver and main DLL. Investigate the attackers' techniques for stealing files and their development of malicious firmware. Learn about the Sandworm group, its motivations for targeting Ukraine, and the attack timeline. Discuss similarities with other attacks, potential solutions, and alternative attack vectors. Analyze power grid policies, security gaps, and strategies for improving critical infrastructure protection. Gain insight into cyber threats targeting industrial control systems and the complexities of defending against sophisticated adversaries.
Syllabus
Introduction
Indicators of Compromise
Pyramid of Pain
Tools Used
The Incident
Why
ICS
HMI
Tools
KillDisk
IP Address
Proxy Server
ICS Kill Chain
Stage 1 Microsoft Office
Stage 2 Spearphishing
BlackEnergy Installer
Driver
Main DLL
Stealing Files
Firmware Development
Attack
Sandworm
Why Ukraine
Timeline
Similarities
How can we solve that
Other vectors
The sleeper must awaken
Another pyramid
Power Grid Policies
Security Gap
Summary
Questions