Kaspersky SAS SCADA in the Cloud
•
3 likes•3,139 views
This document contains a list of security researchers focused on industrial control systems and SCADA security to prevent industrial disasters. It also lists some of their research goals, including discovering zero-day vulnerabilities in industrial equipment from manufacturers like Schneider Electric, Siemens, and Rockwell Automation. The researchers were able to find over 10 zero-day vulnerabilities across various equipment in a two day period. Responsible disclosure of the vulnerabilities is currently in progress.
Report
Share
Kaspersky SAS SCADA in the Cloud
- 2. ¨ Group of security researchers focused on ICS/SCADA to save Humanity from industrial disaster and to keep Purity Of Essence Alexander Timorin Alexander Tlyapov Alexander Zaitsev Alexey Osipov Andrey Medov Artem Chaykin Denis Baranov Dmitry Efanov Dmitry Nagibin Dmitry Serebryannikov Dmitry Sklyarov Evgeny Ermakov Gleb Gritsai Ilya Karpov Ivan Poliyanchuk Kirill Nesterov Roman Ilin Sergey Bobrov Sergey Drozdov Sergey Gordeychik Sergey Scherbel Timur Yunusov Valentin Shilnenkov Vladimir Kochetkov Vyacheslav Egoshin Yuri Goltsev Yuriy Dyachenko
- 10. ― Google dorks ― Configuration scripts ― FS structure ― etc.
- 18. -‐-‐snip-‐-‐ Comment to PT-‐SOL-‐2014001: The upload path has been changed. It is sAll possible to upload files, but they can't overwrite system criAcal parts any more. Comment to PT-‐SOL-‐2014002: The system backup is created in a randomly chosen path an deleted aJerwards. Therefore an unauthorized access is made much more difficult and very unlikely. Second comment to PT-‐SOL-‐2014002: In order to compensate the weak encrypAon in the configuraAon file, the whole configuraAon file is now encrypted via the new HTTP transmission. -‐-‐snip-‐-‐
- 31. To hack what? Grandmom’s reel 2 reel recorder?
- 34. *Special Bushehr photo for scary ICS security slides *
- 49. As a side note, there is about a 3GW buffer in the European energy grids -- take 3GW off the net within a couple of seconds (or add them), and lights will go out. For quite a long while.
- 51. 0 50 100 150 200 250 ABB Advantech Emerson Honeywell Other Siemens Schneider Electric Total Total Fix Vulns Fixed
- 52. ¨ PHDays III Choo Choo Choo Pwn ¡ Security assessment/Pentest ¨ PHDays IV Critical Infrastructure Attack ¡ 0-day research http://bit.ly/1t8poTL http://www.phdays.com/press/news/38171/
- 53. ¨ Goals ¡ 0-day research on ICS components ¡ Make a disaster ¡ 0-day/1-day, CVSS, complexity, exploit, practical impact (e.g. disaster) ú Mom, I can spoof MODBUS tag = 0 ;) ¨ Tragets ¡ Schneider Electric ú Wonderware System Platform, InduSoft Web Studio 7.1.4, ClearSCADA, IGSS, MiCOM C264 ¡ Siemens ú Flexible, TIA Portal 13 Pro, WinCC, KTP 600, Simatic S7-1500 (1511-1 PN), S7-300 (314С-2 DP + CP343), S7-1200 v3, S7-1200 v2.2 ¡ Rockwell Automation ú RSLogix 500, Allen-Bradley MicroLogix 1400 1766-L32BWAA ¡ WellinTech KingSCADA, ICONICS Genesis64, ICP DAS PET-7067, Kepware KepServerEX(S7, DNP3), Honeywell Matrikon OPC (Modbus, DNP3), etc.
- 54. ¨ Winners ¡ Alisa Esage – SE InduSoft Web Studio 7.1 ¡ Nikita Maximov & Pavel Markov - ICP DAS RTU ¡ Dmitry Kazakov - Siemens Simatic S7-1200 PLC ¨ 2 days – 10+ 0days ¨ Responsible disclosure: in progress ¨ Fixes?
- 55. Marinna Krotofil, 31C3, Hamburg, Germany
- 56. Marinna Krotofil, 31C3, Hamburg, Germany
- 58. ¨ Industrial security: directly affect industrial safety, can cause man-made disaster ¨ Economic efficiency: affect quantitative economic indicators of the processes, automated with ICS ¨ Other functional safety and reliability issues: affect qualitative or quantitative indicators of performance, reliability and security (SIL, MTBF, etc.)
- 59. a process that ensures control object operation with no dangerous failures or damage, but with a set economic efficiency and reliability level maintained in the light of adverse anthropogenic information influence
- 60. Yellow Green
- 62. Safety Integrity Level Probability of Failure on Demand (PFD) Probability of Failure per Hour (PFH)
- 64. Yellow Red
- 65. What is the mean time between failures (MTBF) for Windows- based HMI if the operator follows recommended patch management practice?
- 71. Modern Smart Grid: - ICS/SCADA - Mobile carrier - Billing/Payment - IoT -Cloud
- 73. Alexander @arbitrarycode Zaitsev Alexey @GiftsUngiven Osipov Kirill @k_v_nesterov Nesterov Dmtry @_Dmit Sklyarov Timur @a66at Yunusov Gleb @repdet Gritsai Dmitry Kurbatov Sergey Puzankov Pavel Novikov
- 78. *Allpicturesaretakenfrom googleandotherInternets Alexander Timorin Alexander Tlyapov Alexander Zaitsev Alexey Osipov Andrey Medov Artem Chaykin Denis Baranov Dmitry Efanov Dmitry Nagibin Dmitry Serebryannikov Dmitry Sklyarov Evgeny Ermakov Gleb Gritsai Ilya Karpov Ivan Poliyanchuk Kirill Nesterov Roman Ilin Sergey Bobrov Sergey Drozdov Sergey Gordeychik Sergey Scherbel Timur Yunusov Valentin Shilnenkov Vladimir Kochetkov Vyacheslav Egoshin Yuri Goltsev Yuriy Dyachenko