SANS Industrial Control Systems Security Blog: Tag - ICS malware

One CIP, Two CIP, Red CIP, Blue CIP

This blog was written by - Tim Conway with contributions, edits, and research from Ted Gutierrez and Kevin Perry Looking at the Ukraine cyber-attacks through the various lenses of NERC CIP Following the cyber-attacks which impacted the Ukrainian electric system on December 23, 2015 there were a number of public statements and discussions asking … Continue reading One CIP, Two CIP, Red CIP, Blue CIP


4 Takeaways from the F&S CNI Cyber Security Report

The Frost & Sullivan research report on the global critical national infrastructure (CNI) cyber security market, coming out on the eve of the SANS European ICS Security Summit, highlights a number of key trends in this increasingly important field.


IRONGATE Malware - Thoughts and Lessons Learned for ICS/SCADA Defenders

FireEye uncovered a new piece of ICS malware that they released todayand their way of approaching it both to the public and in pre-briefing to the media has been outstanding. The malware is not in the wild, is not a threat to the industry, but offers lessons learned and I believe the FireEye/Mandiant team's handling … Continue reading IRONGATE Malware - Thoughts and Lessons Learned for ICS/SCADA Defenders


Detecting the Siemens S7 Worm and Similar Capabilities

An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "World's first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before I empathize with the authors of the research. Regardless of the headlines, the … Continue reading Detecting the Siemens S7 Worm and Similar Capabilities


Fourth Sample of ICS Tailored Malware Uncovered and the Potential Impact

I looked at the S4 Europe agenda which was sent out this morning by Dale Peterson and saw an interesting bullet: "Rob Caldwell of Mandiant will unveil some ICS malware in the wild that is doing some new and smarter things to attack ICS. We are working with Mandiant to provide a bit more … Continue reading Fourth Sample of ICS Tailored Malware Uncovered and the Potential Impact