In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller that can be used to disrupt and/or destruct devices in industrial environments. In April 2022, a joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created this suite of specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from open-source OPC Foundation. Analysts believe the malware has not been deployed yet in the wild and that its operator likely plans on using it in future operations. Based on analysis, the framework has been designed to target equipment in electric power and liquified natural gas (LNG) facilities, but it could easily be adapted for other types of environments, as well as devices beyond Schneider and Omron PLCs.
View all 2022 Conference sessions on demand here: https://ics.securityweek.com/
Deep Dive: PIPEDREAM/Incontroller ICS Attack Framework
In this session, Mark Plemmons, Sr. Director for Threat Intelligence at Dragos, dives deep into the technical details and real-world impact on the modular ICS attack framework known as PIPEDREAM/Incontroller
NSA, CISA Explain How Adversaries Plan and Execute ICS/OT Attacks
A joint advisory describes five typical steps involved in planning and executing an attack on Industrial control systems (ICS) and other operational technology (OT) systems
All ICS Vendors Impacted by OT:Icefall Vulnerabilities Have Released Advisories
All ICS vendors impacted by the recently-disclosed OT:Icefall vulnerabilities have released advisories to inform customers about the impact of the flaws and to provide mitigations.
2023 Full Day ICS Cybersecurity Training Courses
Conference attendees can register for optional full-day ICS cybersecurity training sessions that take place on Monday, October 24th, 2022.
Industrial Control Systems Cybersecurity Training Act Passed by House of Representatives
Industrial Control Systems Cybersecurity Training Act.
Researchers Use IoT and IT to Deliver Ransomware Attack Against OT
Critical industries must prepare themselves for a new wave of ransomware attacks specifically targeting OT
Russia-Linked Pipedream/Incontroller ICS Malware Designed to Target Energy Facilities
A modular ICS attack framework and a collection of custom-made tools, can be used by threat actors to target ICS and SCADA devices, including programmable logic controllers (PLCs) from Schneider Electric and Omron, and OPC UA servers.