Kaspersky SAS SCADA in the Cloud
![Page 1: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/1.jpg)
*All pictures are taken from Dr StrangeLove movie and other Internets
Sergey Gordeychik
![Page 2: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/2.jpg)
- Group of security researchers focused on ICS/SCADA
to save Humanity from industrial disaster and to keep Purity Of Essence
Alexander Timorin Alexander Tlyapov Alexander Zaitsev Alexey Osipov Andrey Medov Artem Chaykin Denis Baranov Dmitry Efanov Dmitry Nagibin
Dmitry Serebryannikov Dmitry Sklyarov Evgeny Ermakov Gleb Gritsai Ilya Karpov Ivan Poliyanchuk Kirill Nesterov Roman Ilin Sergey Bobrov
Sergey Drozdov Sergey Gordeychik Sergey Scherbel Timur Yunusov Valentin Shilnenkov Vladimir Kochetkov Vyacheslav Egoshin Yuri Goltsev Yuriy Dyachenko
![Page 3: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/3.jpg)
![Page 4: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/4.jpg)
https://icsmap.shodan.io/
![Page 5: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/5.jpg)
![Page 6: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/6.jpg)
![Page 7: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/7.jpg)
![Page 8: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/8.jpg)
![Page 9: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/9.jpg)
![Page 10: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/10.jpg)
- Google dorks
- Configuration scripts
- FS structure
- etc.
![Page 11: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/11.jpg)
![Page 12: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/12.jpg)
![Page 13: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/13.jpg)
![Page 14: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/14.jpg)
![Page 15: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/15.jpg)
![Page 16: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/16.jpg)
![Page 17: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/17.jpg)
![Page 18: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/18.jpg)
--snip--
Comment to PT-SOL-2014001: The upload path has been changed. It is still possible to upload files, but they can't overwrite system critical parts any more.
Comment to PT-SOL-2014002: The system backup is created in a randomly chosen path and deleted afterwards. Therefore an unauthorized access is made much more difficult and very unlikely.
Second comment to PT-SOL-2014002: In order to compensate the weak encryption in the configuration file, the whole configuration file is now encrypted via the new HTTP transmission.
--snip--
![Page 19: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/19.jpg)
![Page 20: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/20.jpg)
![Page 21: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/21.jpg)
![Page 22: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/22.jpg)
![Page 23: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/23.jpg)
![Page 24: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/24.jpg)
![Page 25: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/25.jpg)
![Page 26: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/26.jpg)
![Page 27: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/27.jpg)
![Page 28: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/28.jpg)
![Page 29: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/29.jpg)
![Page 30: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/30.jpg)
![Page 31: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/31.jpg)
To hack what? Grandmom’s reel 2 reel recorder?
![Page 32: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/32.jpg)
![Page 33: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/33.jpg)
![Page 34: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/34.jpg)
*Special Bushehr photo for scary ICS security slides
![Page 35: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/35.jpg)
![Page 36: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/36.jpg)
http://scadastrangelove.blogspot.com/2014/12/sos-secure-open-smartgrids.html
![Page 37: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/37.jpg)
![Page 38: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/38.jpg)
![Page 39: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/39.jpg)
![Page 40: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/40.jpg)
![Page 41: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/41.jpg)
![Page 42: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/42.jpg)
![Page 43: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/43.jpg)
![Page 44: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/44.jpg)
![Page 45: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/45.jpg)
![Page 46: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/46.jpg)
![Page 47: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/47.jpg)
![Page 48: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/48.jpg)
![Page 49: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/49.jpg)
As a side note, there is about a 3GW buffer in the European energy grids -- take 3GW off the net within a couple of seconds (or add them), and lights will go out. For quite a long while.
![Page 50: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/50.jpg)
![Page 51: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/51.jpg)
[Chart: vulnerabilities by vendor (ABB, Advantech, Emerson, Honeywell, Other, Siemens, Schneider Electric), axis 0 to 250, with series for total and fixed vulnerabilities]
![Page 52: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/52.jpg)
- PHDays III Choo Choo Choo Pwn
  - Security assessment/Pentest
- PHDays IV Critical Infrastructure Attack
  - 0-day research
http://bit.ly/1t8poTL http://www.phdays.com/press/news/38171/
![Page 53: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/53.jpg)
- Goals
  - 0-day research on ICS components
  - Make a disaster
  - 0-day/1-day, CVSS, complexity, exploit, practical impact (e.g. disaster)
    - Mom, I can spoof MODBUS tag = 0 ;)
- Targets
  - Schneider Electric
    - Wonderware System Platform, InduSoft Web Studio 7.1.4, ClearSCADA, IGSS, MiCOM C264
  - Siemens
    - Flexible, TIA Portal 13 Pro, WinCC, KTP 600, Simatic S7-1500 (1511-1 PN), S7-300 (314C-2 DP + CP343), S7-1200 v3, S7-1200 v2.2
  - Rockwell Automation
    - RSLogix 500, Allen-Bradley MicroLogix 1400 1766-L32BWAA
  - WellinTech KingSCADA, ICONICS Genesis64, ICP DAS PET-7067, Kepware KepServerEX (S7, DNP3), Honeywell Matrikon OPC (Modbus, DNP3), etc.
![Page 54: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/54.jpg)
- Winners
  - Alisa Esage - SE InduSoft Web Studio 7.1
  - Nikita Maximov & Pavel Markov - ICP DAS RTU
  - Dmitry Kazakov - Siemens Simatic S7-1200 PLC
- 2 days - 10+ 0days
- Responsible disclosure: in progress
- Fixes?
![Page 55: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/55.jpg)
Marina Krotofil, 31C3, Hamburg, Germany
![Page 56: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/56.jpg)
Marina Krotofil, 31C3, Hamburg, Germany
![Page 57: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/57.jpg)
Information Security
?
![Page 58: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/58.jpg)
- Industrial security: directly affect industrial safety, can cause man-made disaster
- Economic efficiency: affect quantitative economic indicators of the processes, automated with ICS
- Other functional safety and reliability issues: affect qualitative or quantitative indicators of performance, reliability and security (SIL, MTBF, etc.)
![Page 59: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/59.jpg)
a process that ensures control object operation with no dangerous failures or damage, but with a set economic efficiency and reliability level maintained in the light of adverse anthropogenic information influence
![Page 60: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/60.jpg)
Yellow
Green
![Page 61: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/61.jpg)
http://www.theguardian.com/world/2013/jul/25/spain-train-crash-travelling-so-fast
![Page 62: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/62.jpg)
Safety Integrity Level | Probability of Failure on Demand (PFD) | Probability of Failure per Hour (PFH)
![Page 63: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/63.jpg)
![Page 64: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/64.jpg)
Yellow
Red
![Page 65: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/65.jpg)
What is the mean time between failures (MTBF) for Windows-based HMI if the operator follows recommended patch management practice?
![Page 66: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/66.jpg)
![Page 67: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/67.jpg)
![Page 68: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/68.jpg)
![Page 69: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/69.jpg)
![Page 70: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/70.jpg)
![Page 71: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/71.jpg)
Modern Smart Grid:
- ICS/SCADA
- Mobile carrier
- Billing/Payment
- IoT
- Cloud
![Page 72: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/72.jpg)
![Page 73: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/73.jpg)
Alexander @arbitrarycode Zaitsev
Alexey @GiftsUngiven Osipov
Kirill @k_v_nesterov Nesterov
Dmitry @_Dmit Sklyarov
Timur @a66at Yunusov
Gleb @repdet Gritsai
Dmitry Kurbatov
Sergey Puzankov
Pavel Novikov
![Page 74: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/74.jpg)
![Page 75: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/75.jpg)
![Page 76: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/76.jpg)
![Page 77: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/77.jpg)
![Page 78: Kaspersky SAS SCADA in the Cloud](https://reader034.fdocuments.us/reader034/viewer/2022051112/55a6c14f1a28ab46688b4909/html5/thumbnails/78.jpg)
*All pictures are taken from google and other Internets