Tuesday, December 2, 2014

Targeted ICS software

Targeted ICS software:
- GE CIMPLICITY
- Advantech
- Siemens


Vulnerability in GE CIMPLICITY

- Path traversal vulnerability, exploitable if the web app of the system is connected to the internet.
  More and more vulnerabilities were exploited through phishing email attacks.
- It is turned off by default.

How attackers found the systems:
- Through Shodan
- Searching for port 10212


Examples of malware:
- Stuxnet
- Havex ICS
- BlackEnergy ICS


How to prevent:
- Tactical
  1. Appropriate network segmentation
  2. Policies governing internet access for any machine that can talk to the ICS network
  3. Work with vendors and integrators to achieve secure systems
  4. Use IOCs (Indicators of Compromise) at network perimeters
      and key communication aggregation points.
- Strategic (organization specific)
  1. Inventory
  2. System hardening
  3. File validation
  4. Monitoring
  5. Response capabilities
  6. Training
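
As an added example (not from the webcast or the original notes), the monitoring item and the port 10212 observation can be combined into a perimeter-log check that separates actual exposure from outside probing. The key=value log format, the `10.0.0.0/8` internal range, the function names and every sample line are constructed assumptions.

```python
import ipaddress
import re

ICS_PORT = 10212  # the port the notes say attackers searched for
# Assumption: the site's internal address space; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2014-12-02T08:00:01 action=allow src=10.1.4.20 dst=10.1.9.5 dport=10212
2014-12-02T08:00:07 action=allow src=203.0.113.45 dst=10.1.9.5 dport=10212
2014-12-02T08:01:13 action=deny src=198.51.100.7 dst=10.1.9.5 dport=10212
2014-12-02T08:02:40 action=allow src=203.0.113.45 dst=10.1.9.8 dport=443
malformed line without fields
2014-12-02T08:03:02 action=deny src=198.51.100.7 dst=10.1.9.6 dport=10212
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def parse_line(line):
    """Return typed fields, or None for lines that do not parse."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return {
            "action": fields["action"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None

def inbound_ics_flows(log_text, port=ICS_PORT):
    """Group outside-to-inside flows to `port` by firewall action."""
    # 'allow' = host reachable from outside; 'deny' = outside probing for it
    report = {"allow": {}, "deny": {}}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != port or rec["action"] not in report:
            continue
        if is_internal(rec["src"]) or not is_internal(rec["dst"]):
            continue
        report[rec["action"]].setdefault(str(rec["dst"]), set()).add(str(rec["src"]))
    return report
```

Any host under `allow` is reachable from outside on that port and belongs on the segmentation fix list; hosts under `deny` show that the port is being looked for.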

Reference: SANS webcast (by Critical Intelligence)