Industrial Cyber Warfare Already Here


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Is there a loophole from which malicious software can enter your network?How would your monitoring devices react once the Trojan or virus has penetrated your network?How would your employees respond? How does your organization cope with the identified threat?How much time and effort is required to rectify and purge the threat?
  • Industrial Cyber Warfare Already Here

    1. 1. Industrial Cyber Warfare Already Here<br />Itzik Kotler<br />CTO, Security Art<br />
    2. 2. Cyber Warfare<br />Cyber Warfare is the use of electronic communications and the Internet to disrupt a country's telecommunications, power supply, transport system, etc.<br />Cyber Warfare arsenal includes: Logic Bombs, Permanent Denial-of-Service, Advanced Persistent Threats and more.<br />
    3. 3. Let Me Stuxnet You!<br />Today it’s a country that seeks to destroy another nation and tomorrow it’s a commercial company that seeks to make a rival company go out of business. An act of Industrial Cyber Warfare.<br />A successfully delivered Industrial Cyber Warfare attack causes financial loss, operation loss, or both to the attacked company!<br />
    4. 4. Industrial Cyber Warfare: Why & Who?<br />Industrial Espionage<br />Rival Companies<br />Foreign Countries<br />Terrorism<br />Political/Social Agenda<br />Revenge<br />Blackmailing<br />Greed, Power and etc.<br />
    5. 5. 1st Step: Getting In<br />Getting infected with malware is usually much easier than detecting it, or getting rid of it.<br />Delivery vectors:<br />Client-side Vulnerabilities<br />Social Networks<br />Social Engineering<br />
    6. 6. Permanent Denial-of-Service<br />Permanent Denial-of-Service is an attack that damages hardware so badly that it requires replacement or reinstallation of hardware.<br />The damage potential is on a grand scale, almost anything and everything is controlled by software that can be modified or attacked<br />
    7. 7. How Permanent Denial-of-Service Works?<br />Pushing hardware to its extreme, or corrupt its internal program/data structures<br />Permanent Denial-of-Service Attacks:<br />Overvolting<br />Overclocking<br />Overusing<br />Power Cycling<br />Phlashing<br />
    8. 8. 2nd Step: Attacking Hardware<br />Permanent Denial-of-Service attacks are ranging from rendering devices such as iPhones, iPod and iPads useless to crashing hard drives, and to increasing the voltage within CPU’s.<br />Permanent Denial-of-Service attacks can be independent, orchestrated, remotely triggered and etc. <br />
    9. 9. Scenario #1: Attacking the CEO’s iPad<br />
    10. 10. Scenario #2: Attacking the CRM/ERP <br />
    11. 11. Scenario #3: Taking down the Company <br />
    12. 12. Industrial Cyber Warfare Already Here<br />Cyber Warfare is expected to hit the commercial market in the next few years and we will see more and more companies been attacked by APT that will “blow up” in their face.<br />There is no silver bullet for it, this threat requires a threat modeling that reflects not only technological understanding but also business understanding of the company and it’s assets.<br />
    13. 13. Thanks!Questions are guaranteed in life; Answers aren't.<br />mailto:<br />