An Analysis of Black Energy 3, Crashoverride, and Trisis, Three Malware Approaches Targeting Operational Technology Systems

Connected factories offer more and more possibilities to bring business logic into industry-related components such as industrial control systems (ICS). These systems in the operational technology (OT) sector are usually harder to update and maintain than IT systems. In recent years, the number of cyberattacks specifically tailored to OT systems has increased. We analyzed BlackEnergy 3 (BE3), Crashoverride (CO), and Trisis (TS). After describing the incidents in which these attacks occurred, we looked for strategies shared by the three approaches and propose promising methods to prevent such or similar attacks in the future.
