Noam Moshe_From Exploits to Forensic Evidence: Unraveling the Unitronics Attack.pdf

No.: 175455, PDF, 89 pages, 6.70 MB

Team82
From Exploits to Forensic Evidence: Unraveling the Unitronics Attack
Noam Moshe
Claroty Research, Claroty Team82

$whoami
- Noam Moshe
- Vulnerability researcher - mostly breaking IoT clouds.
- Master of Pwn, Pwn2Own ICS 2023.
- *Special thanks to Claroty Team82 researchers: Sharon Brizinov, Vera Mens, Tomer Goldschmidt

So what's the sitch?
- Nov 23: APT targets Unitronics PLCs
- CyberAv3ngers
- Used in water facilities worldwide
- Why? Fear and panic

Modern Defacing, ICS Style
- Defacing HMI screens
- How? Downloading new project
- Override current logic
- Was the defacement the only thing the attackers did?

Not The First Time
- Feb 22 - Same attack on Israeli devices: 1.5 years prior
- Same PLC lineup
- Attackers were not identified
- Probably same APT: shared assets
- 2022 Attack on Israeli Parcel Services

Unitronics Vision 101
- PLC+HMI
- Vendor is an Israeli PLC maker
- Old PLCs: Samba and Vision series
- PCOM protocol (serial or TCP/20256)
- Almost no security mechanisms
- No encryption
- "Weak" authentication

"Weak" Authentication?
- From the CISA advisory, they recommend:
- Change default password
- Add PCOM password
- However

More Like No Authentication!
- Prior to v9.9.00 - no PCOM authentication
- To attack you need:
- EWS: VisiLogic
- IP

4/25/23

There are no internet-facing PLCs, right? Right?

Hundreds of Exposed Devices
- Using shodan.io: 900 devices
- PCOM exported
- Unpatched devices have no authentication!

Real Video of the APT Attack!
- Attackers
- Internet-facing PLCs

We Were Notified of This Attack
- We began investigating
- There are no forensic tools for such devices!
- Develop new forensic tools
- Extract evidence from affected PLCs
