PIPEDREAM - Most Flexible & Capable ICS Malware To Date
HTML-код
- Опубликовано: 6 июл 2024
- Rob Lee, founder and CEO of Dragos, gives the opening keynote of S4x22 Day 2 on the ICS malware they call PIPEDREAM. The first third of the keynote focuses on what this means for asset owners and how they should react. Who should prioritize threat hunting ("you don't get to vote if you are a target")?
The remainder of the talk is on the malware itself and a bit on mitigations. The PLC Proxy capabilities is particularly interesting. Even if you have heard about INCONTROLLER/PIPEDREAM before you will find this a worthwhile watch. 
Наука
Haha love the final part message to the adversaries
Great mapping of Pipedream along Purdue and MITRE, thx Mr. Lee!🙌
Also a very good point by Robert in regards to predicting threat actors' targeting. It's a waste of time to debate whether you are likely to be targeted or not. Focus on deploying robust security controls and always be prepared for the unexpected.
Schrodinger ICS, haha. Good point to invest more in detection and response as opposed to concentrating all resources on prevention.
Great talk, Rob!
Lateral movement monitoring. Not just what comes in and goes out.
Great talk
Great Talk
Very interesting that Dragos does not do attribution unless it affects the incident response process. It seems like an efficient way to approach things given that the priority should be to formulate how to properly defend the systems at hand.
These threat actors are really organized. I didn't know there were separate groups that specialized in access or the activity in itself.
Are you certain the adversaries' tradecraft error wasn't intentional as a warning signal from the adversary nation state to the USA?