Recently I have heard about 2 types of ICS malware : INDUSTROYER 2 and PIPEDREAM\/INCONTROLLER. They are different in functionality, I know. They also target different vendors and vulnerabilities. I realized that there is a common pattern in ICS malware. So I developed my own formula to analyze this pattern :<\/p>\n\n\n\n
So my advice for asset owners and ICS vendors, why don’t you develop your own imaginary malware as a cybersecurity exercise from time to time. Develop your malware using the above formula and name it a name if you prefer like for example “Octopus”. You can also share it with the ICS community as a form of knowledge sharing. Stay away from the news and fear mongering marketers. <\/p>\n","protected":false},"excerpt":{"rendered":" Recently I have heard about 2 types of ICS malware : INDUSTROYER 2 and PIPEDREAM\/INCONTROLLER. They are different in functionality, I know. They also target different vendors and vulnerabilities. I realized that there is a common pattern in ICS malware. So I developed my own formula to analyze this pattern : ICS Malware (give it […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,14,138,48,5],"tags":[139,6,143,142,140,47,141],"class_list":["post-731","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-malware","category-mitre-ics","category-ot-security","category-vendors","tag-ics-malware","tag-ics-security","tag-incontroller","tag-industroyer-2","tag-mitre","tag-ot-security","tag-pipedream"],"_links":{"self":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/comments?post=731"}],"version-history":[{"count":4,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/731\/revisions"}],"predecessor-version":[{"id":737,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/posts\/731\/revisions\/737"}],"wp:attachment":[{"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/media?parent=731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/categories?post=731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerontek.com\/zt\/wp-json\/wp\/v2\/tags?post=731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}ICS Malware (give it any name) = vendor (victim) + Mitre tactics\/techniques <\/code><\/p>\n\n\n\n