Tuesday, December 2, 2014

Targeted ICS software

Targeted ICS software:
- GE CIMPLICITY
- Advantech
- Siemens


Vulnerability in GE CIMPLICITY

- Path traversal vulnerability if the system's web application is connected to the internet.
  More and more vulnerabilities are being exploited via phishing email attacks.
- It is turned off by default.

How attackers found the systems:
- through Shodan
- by searching for port 10212


Examples of malware:
- Stuxnet
- Havex ICS
- BlackEnergy ICS


How to prevent:
- Tactical
  1. Appropriate network segmentation
  2. Policies governing internet access to any machine that can talk into ICS network
  3. Work with vendors and integrators to achieve secure systems
  4. Use IoCs (Indicators of Compromise) at network perimeters
      and key communication aggregation points.
- Strategic (organization specific)
  1. Inventory
  2. System hardening
  3. File validation
  4. Monitoring
  5. Response capabilities
  6. Training

Reference: SANS webcast (by Critical Intelligence)

Tuesday, August 12, 2014

Lancope's StealthWatch

[Requirement]
- requires the following flow data as input:
   NetFlow (from Cisco, Juniper), IPFIX, or sFlow (from HP ProCurve, Brocade)

[Input & How]
- by collecting and analyzing NetFlow, IPFIX and other types of flow data
- Through pervasive insight across distributed networks, including mobile, identity and application awareness

[Output]
- (quickly) detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats

[Advantage of using the solution]
- accelerates incident response, improves forensic investigations and reduces enterprise risk
[Links]
- http://www.lancope.com/products/
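As an added example (not from the SANS webcast, the Lancope product, or this blog), the flow data described above can be checked against the tactical items from the December notes: segmentation between the ICS network and the internet, and IoC matching at aggregation points, plus a watch on the CIMPLICITY port 10212 the attackers searched for. The ICS subnet, IoC addresses and flow records below are constructed placeholders, and the script runs on a plain list of tuples rather than a real NetFlow/IPFIX export.

```python
# Added example: apply segmentation and IoC checks to NetFlow-style records.
# Subnet, IoC list and sample flows are constructed, not real indicators.
import ipaddress

# Assumed network layout: the ICS/SCADA segment is a placeholder range.
ICS_NET = ipaddress.ip_network("10.20.0.0/16")
# Constructed IoC list (documentation-range addresses, not real indicators).
IOC_ADDRS = {ipaddress.ip_address("203.0.113.7"), ipaddress.ip_address("198.51.100.23")}
# GE CIMPLICITY port that the notes say attackers searched for on Shodan.
CIMPLICITY_PORT = 10212


def is_internet(addr):
    """True for globally routable addresses, i.e. outside private/reserved space."""
    return addr.is_global


def analyze_flows(flows):
    """flows: iterable of (src, dst, dst_port, proto) as exported by NetFlow/IPFIX.
    Returns a list of (rule, src, dst, dst_port) alerts, in input order."""
    alerts = []
    for src, dst, dport, proto in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Tactical item 4: IoC matching at the aggregation point.
        if s in IOC_ADDRS or d in IOC_ADDRS:
            alerts.append(("ioc-match", src, dst, dport))
        # Tactical items 1/2: ICS hosts must not talk to the internet directly.
        if (s in ICS_NET and is_internet(d)) or (d in ICS_NET and is_internet(s)):
            alerts.append(("ics-internet-flow", src, dst, dport))
        # Any host outside the ICS segment reaching the CIMPLICITY port.
        if proto == "tcp" and dport == CIMPLICITY_PORT and s not in ICS_NET:
            alerts.append(("cimplicity-port-access", src, dst, dport))
    return alerts


# Constructed sample export: (src, dst, dst_port, proto).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.1.1", 10212, "tcp"),    # HMI to server inside ICS: fine
    ("10.20.1.15", "93.184.216.34", 443, "tcp"),  # ICS host browsing the internet
    ("10.50.3.9", "10.20.1.1", 10212, "tcp"),     # corporate host hitting CIMPLICITY
    ("10.50.3.9", "203.0.113.7", 80, "tcp"),      # corporate host contacting an IoC
]

if __name__ == "__main__":
    for alert in analyze_flows(SAMPLE_FLOWS):
        print(alert)
```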