hack.lu 2023

The Renaissance of Cyber Physical Offensive Capabilities
10-18, 10:30–11:00 (Europe/Luxembourg), Salle Europe

Since the beginning of the Ukrainian invasion, we have seen a renaissance of innovation making threats to operational technology (OT) systems more streamlined than ever before. Such activity is reflected in a quick turnaround in the development of malware and capabilities to target OT systems. In this talk, I will provide an overview of the evolution of OT threats since the eve of Ukraine’s invasion and discuss its implications for defenders. Among other topics, I will share recent findings about documentation hinting at Russia’s development of OT cyber capabilities, and newly disclosed OT malware families such as INCONTROLLER, INDUSTROYER.V2 and COSMICENERGY.


For the last ten years we have seen a fast-evolving operational technology (OT) security community learning about cyber physical attacks and how to defend against them. However, since the beginning of the conflict in Ukraine, we have seen a twist in the OT threat landscape. A renaissance or breakthrough period of innovation is making threats to cyber physical systems more streamlined and common than ever before.

During the conflict, we have observed the intensification of threat activity coming from different fronts, including criminals, hacktivists, and nation-states. Such activity has resulted in a quick turnaround in the development of malware and capabilities to target OT systems. In this talk, I will provide an overview of the evolution of OT threats focusing primarily on new capabilities we have observed since the eve of Ukraine’s invasion.

Among other things, I will discuss recent leaked documents hinting at Russia’s development of OT cyber capabilities, and the recent disclosure of highly specialized malware including INDUSTROYER2, INCONTROLLER, and most recently COSMICENERGY. Using our findings, I will also discuss the implications for defenders in the light of this new era of discovery of cyber physical offensive capabilities.

Analysis Manager for Google Mandiant, where he oversees the strategic coverage of cyber physical threat intelligence and information operations. He also coordinates the development of solutions to collect and analyze data. He is a frequent speaker on ICS/OT topics at international conferences and collaborates as international liaison for the ICS Joint Working Group Steering Team from CISA. As a former Fulbright scholar from Mexico, he holds a master’s degree from the University of Washington, specializing in Information Security and Risk Management. In 2017, he was awarded first place at Kaspersky Academy Talent Lab's competition for designing an application to address security beyond anti-virus.