An Analysis of Black Energy 3, Crashoverride, and Trisis, Three Malware Approaches Targeting Operational Technology Systems

Geiger, Marcus; Bauer, Jakob; Masuch, Michael; Franke, Jörg

doi:10.1109/etfa46521.2020.9212128

Cited by 39 publications

(18 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In short, according to Avira, we can say that Microsoft Protector may be sufficient for the user to satisfactorily protect their data, but it is also clear that it represents a reputable and reliable 'non-free' antivirus option. 24 With regards to users who do not have high levels of technical experience, it is difficult for them to correctly judge whether this product is sufficient to protect them or not. It can therefore represent an advantageous product for some, and a limited one for others.…”

Section: Related Workmentioning

confidence: 99%

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Mohamed¹

2022

F1000Res

View full text Add to dashboard Cite

Background: Microsoft Windows Security is a recently implemented safeguard for the Windows operating systems, including the latest versions of Windows10 and 11. However, there is a major shortcoming in this system to stop Advanced Persistent Threat (APT). These are government-financed groups that are funded to attack other government entities. Following the initial security breach, the hacked Windows device is used to access the rest of the network devices in order to transfer data to external storage (Exfiltration). Methods: In this work, we have tested the Microsoft Windows Security system using MITRE CALDERA and ATT&CK frameworks and explain how APT groups are able to bypass Windows Security. Results: In this study we used "54ndc47" agent through GoLang feature in MITRE CALDERA platform to test and bypass Microsoft Windows Security systems (MS Windows 10). Through it, we were able to bypass the Windows Security system and display entire files in the victim's device. Conclusions: In this paper, we have provided recommendations to Microsoft to improve their Windows Security tool through the use of Artificial intelligence (AI).

show abstract

Section: Related Workmentioning

confidence: 99%

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Mohamed¹

2022

F1000Res

View full text Add to dashboard Cite

show abstract

“…More recently, the Trisis [78] malware successfully attacked equipment employed in energy, oil, and gas control systems. Other research dealt with a combined analysis of BlackEnergy, Crashoverride, and Trisis [79], whereas Hemsley et al [80] discussed the history of ICS cyber incidents.…”

Section: Cybersecurity and Cti In Active Buildingsmentioning

confidence: 99%

Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

2022

View full text Add to dashboard Cite

Active buildings can be briefly described as smart buildings with distributed and renewable energy resources able to energise other premises in their neighbourhood. As their energy capacity is significant, they can provide ancillary services to the traditional power grid. As such, they can be a worthy target of cyber-attacks potentially more devastating than if targeting traditional smart buildings. Furthermore, to handshake energy transfers, they need additional communications that add up to their attack surface. In such a context, security analysis would benefit from collection of cyber threat intelligence (CTI). To facilitate the analysis, we provide a base active building model in STIX in the tool cyberaCTIve that handles complex models. Active buildings are expected to implement standard network security measures, such as intrusion-detection systems. However, to timely respond to incidents, real-time detection should promptly update CTI, as it would significantly speed up the understanding of the nature of incidents and, as such, allow for a more effective response. To fill this gap, we propose an extension to the tool cyberaCTIve with a web service able to accept (incursion) feeds in real-time and apply the necessary modifications to a STIX model of interest.

show abstract

“…The National Electric Sector Cybersecurity Organization Resource (NESCOR) conducted cyber-security assessment and grid failure scenarios for increase SG resilience [15] and Jauhar et al (2015) proposed model-based techniques [16] for its study. One could use reported vulnerability incidents and detailed cyber-attack vectors using MITRE's ATT&CK framework 2 , combining with databases provided by NVD 3 or CVE 4 . Dabrowski et al (2017) [17] commented on "Grid-shock", i.e., the problem of synchronizing attacks to destabilize the D R A F T power grid.…”

Section: Related Workmentioning

confidence: 99%

“…Over the years, attacks to Smart-Grid power control components, such as, the Stuxnet worm [1], Black Energy 3 [2], Crashoverride [3], and Trisis [4], were able to significantly damage Industrial Control Systems (ICS) [5]. In the first quarter of 2021 the US' East Coast oil supply chain, provided by Colonial Pipeline, was the target of a serious attack.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Aging and Rejuvenation Models of Load Changing Attacks in Micro-Grids

Czekster

Avritzer

Menasché³

2021

2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)

View full text Add to dashboard Cite

Recent cyber-attacks in critical infrastructures have highlighted the importance of investigating how to improve Smart-Grids (SG) resiliency. In the future, it is envisioned that grid connected micro-grids would have the ability of operating in 'islanded mode' in the event of a grid-level failure. In this work, we propose a method for unfolding aging and rejuvenation models into their sequential counterparts to enable the computation of transient state probabilities in the proposed models. We have applied our methodology to one specific security attack scenario and four large campus micro-grids case studies. We have shown how to convert the software aging and rejuvenation, with cycles, to its unfolded counterpart. We then used the unfolded counterpart to support the survivability computation. We were able to analytically evaluate the transient failure probability and the associated Instantaneous Expected Energy Not Supplied metric, for each of the four case studies, from one specific attack. We envision several practical applications of the proposed methodology. First, because the micro-grid model is solved analytically, the approach can be used to support microgrid engineering optimizations accounting for security intrusions. Second, micro-grid engineers could use the approach to detect security attacks by monitoring for unexpected deviations of the Energy Not Supplied metric.

show abstract

An Analysis of Black Energy 3, Crashoverride, and Trisis, Three Malware Approaches Targeting Operational Technology Systems

Cited by 39 publications

References 8 publications

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Study of bypassing Microsoft Windows Security using the MITRE CALDERA Framework

Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

Aging and Rejuvenation Models of Load Changing Attacks in Micro-Grids

Contact Info

Product

Resources

About