Triton, BlackEnergy, WannaCry – Has Your Behavior Changed?

by Gary DiFazio on January 16, 2019

Hopefully the title of this blog has gotten your attention. In one of my prior blogs, ICS Cybersecurity: Visibility, Protective Controls, Continuous Monitoring – Wash, Rinse, Repeat, we talked about how the malicious threat landscape for industrial control systems is constantly evolving and becoming more sophisticated, which raises the need to have visibility, implement protective controls and perform continuous monitoring.

In this blog, we will take a more detailed look at the attack vectors of some malware/malicious events like Triton that occurred over the last decade, including some attacks that did not target industrial control systems.

Whether it be ransomware, malware or a targeted attack, each of these vectors needs access to the environment. There are many ways for attackers to gain access; these events oftentimes involve phishing, stolen credentials, hijacking or infecting a transient device such as a laptop or USB flash drive, or exploiting a vulnerability, to name a few.

While NotPetya and WannaCry had a massive impact on industrial environments, hurting productivity and financial results, these threats did not directly target industrial control system environments. It is still very important to have visibility within your control network to understand if such an event is occurring, and it’s essential to have protective controls in place that can mitigate their spread and potential impact. If we look at malicious behavior that actually compromised an industrial process, the same best practices around visibility, protective controls and continuous monitoring apply; they can help you detect malicious activity before the threat actor gains control of your industrial process.

The image shown below outlines the phases of infiltration for a malicious “payload”.

It’s important not to forget that attackers first need access to the environment, which is achieved by the following:

  1. Obtaining a network communications path, i.e. “the (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Gary DiFazio. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/triton-blackenergy-wannacry-behavior-changed/

January 16, 2019 | January 17, 2019 | Gary DiFazio | BlackEnergy, ICS Security, triton, WannaCry