Q: Why are there so few defensive tools available for the ICS environment?
A: ICS environments are very complex and diverse, with components not built to support
cybersecurity capabilities. Because the components are so different, it is difficult for vendors to
develop cyber tools that will defend a broad array of devices without a lot of customization.
Vendors want to make money, and customization eats up profits really quickly.
Q: Can you give some examples of attacks that were modified from previous malware?
A: The Sony rootkit was instrumental in rootkits being included in most modern malware.
Crimeware kits used to compromise websites gained popularity, and compromised websites
escalated correspondingly. SQL injection attacks were a leading threat and claimed many victims
such as IKEA. Stuxnet had spin-offs Duqu and Flame. CryptoWall and CryptoDefense were
spin-offs of Cryptolocker.
A: The six most common types of malware are viruses, worms, Trojan Horses, spyware, adware, and
ransomware. There are variations on some of these six, such as malvertising, a form of adware.
Hybrids and Exotics are a combination of different types of malware, relying on each type to propagate
through a computer and/or network.
Q: I know IoT/IIoT was not covered, but what are the cyber risks associated with IoT/IIoT, and
have there been compromises of these devices?
A: Here at the lab, our IT department has instituted a number of different awareness programs.
We have phishing campaigns throughout the year. They are conducting a phishing contest right
now to see which team(s) can recognize the most phishing emails.
A: Saudi Aramco (Shamoon), the Iranian uranium enrichment facility near Natanz (Stuxnet), Sony
Pictures (Data mining attack), and A.P. Moller-Maersk shipping (NotPetya), to name a few.
Q: Can you please provide more clarity on what the purple line indicates on the Threat Trend
diagram?
A: The purple curve represents the timeline when hackers started to target ICS. That is why the
intruder knowledge is indicated as “high”. But once attack code was developed and placed on the
internet, other hackers took the code and changed or enhanced it for other attacks, such as the
spin-offs mentioned earlier.
Q: Are boxes running Windows Software the largest target on the ICS?
A: Windows systems are generally the most vulnerable devices on the ICS networks, because the
ICS systems are 10, 20 or more years old. Therefore, the Windows systems are, for the most part,
end-of-life, and patches are not available for the vulnerabilities that exist on them.
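The end-of-life problem described in this answer is easiest to act on when it is measured against an asset inventory. The following script is an added example, not part of the original Q&A or of any lab tool: it takes a constructed ICS asset list, compares each Windows host against a small table of Microsoft's published end-of-extended-support dates (reference values, not an authoritative lifecycle database), and reports which hosts are unsupported, how long they have been unsupported, and how they are distributed across network zones. The host names, zones and the fixed "as of" date are all constructed for the example.

```python
from datetime import date

# Reference end-of-extended-support dates for Windows versions commonly
# found on legacy ICS networks. These are Microsoft's published dates as
# known to the author of this example; confirm against the vendor's
# lifecycle pages before relying on them.
END_OF_SUPPORT = {
    "Windows XP": date(2014, 4, 8),
    "Windows Server 2003": date(2015, 7, 14),
    "Windows 7": date(2020, 1, 14),
    "Windows Server 2008 R2": date(2020, 1, 14),
    "Windows 10": date(2025, 10, 14),
}

# Constructed sample inventory of the kind an ICS asset register holds.
# Host names and zones are invented for this example.
SAMPLE_INVENTORY = [
    {"host": "hmi-01", "os": "Windows XP", "zone": "control"},
    {"host": "eng-ws-02", "os": "Windows 7", "zone": "control"},
    {"host": "historian-01", "os": "Windows Server 2008 R2", "zone": "dmz"},
    {"host": "ops-ws-03", "os": "Windows 10", "zone": "enterprise"},
    {"host": "plc-gw-01", "os": "VxWorks", "zone": "control"},  # non-Windows, no table entry
]


def classify(os_name, as_of, table=END_OF_SUPPORT):
    """Return (status, days_past_eos) for one operating system name.

    status is "unknown" (no lifecycle data), "supported", or "end-of-support";
    days_past_eos is only set for end-of-support systems.
    """
    if os_name not in table:
        return "unknown", None
    eos = table[os_name]
    if eos > as_of:
        return "supported", None
    return "end-of-support", (as_of - eos).days


def end_of_support_report(inventory, as_of, table=END_OF_SUPPORT):
    """Classify every asset and return the rows with the longest-unsupported first."""
    rows = []
    for asset in inventory:
        status, days = classify(asset["os"], as_of, table)
        rows.append({
            "host": asset["host"],
            "os": asset["os"],
            "zone": asset["zone"],
            "status": status,
            "days_past_eos": days,
        })
    # Sort so the hosts that have gone longest without patches come first;
    # supported and unknown hosts (days None) sort to the end.
    rows.sort(key=lambda r: -(r["days_past_eos"] or -1))
    return rows


def zone_summary(report):
    """Count end-of-support hosts per zone, keeping zones with zero for completeness."""
    counts = {}
    for row in report:
        counts.setdefault(row["zone"], 0)
        if row["status"] == "end-of-support":
            counts[row["zone"]] += 1
    return counts


if __name__ == "__main__":
    # Fixed "as of" date so the output is reproducible; use date.today() in practice.
    report = end_of_support_report(SAMPLE_INVENTORY, date(2021, 6, 1))
    for row in report:
        days = "" if row["days_past_eos"] is None else f"{row['days_past_eos']} days past end of support"
        print(f"{row['host']:14} {row['os']:24} {row['zone']:10} {row['status']:15} {days}")
    print("end-of-support hosts per zone:", zone_summary(report))
```

The "unknown" status is deliberate: a host whose OS has no lifecycle entry (here the VxWorks gateway) is not silently treated as supported, which is the usual way an inventory review understates risk. The per-zone count is the number a network engineer wants when deciding where segmentation and monitoring have to compensate for patches that will never arrive.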