The following findings report contains specific details of devices that are directly connected to the
Internet and that may be used for mission-critical operations associated with one (or more) critical
infrastructure sectors (and their respective industries). Information contained within this report should
only be used for awareness purposes.
This document is licensed under Creative Commons v4.0:
http://creativecommons.org/licenses/by-nc/4.0
LEGAL DISCLAIMER
Project RUGGEDTRAX is a research project designed to observe and gather data that provides some proof of the threats and
risks associated with SCADA and industrial control system devices that appear to be directly connected to the Internet. The
project is one of several intended to raise public awareness of such devices, which may affect one (or more) critical
infrastructure sectors (and their respective industries), while providing quantifiable proof of the impacts to these
devices when they are publicly accessible through the Internet.
Project RUGGEDTRAX – Creative Commons v4.0: Attribution/Non-Commercial Use Page 1
Findings Report – 28 Nov 2015 Infracritical – Your Infrastructure, Their Future
Project RUGGEDTRAX
SCADA/ICS Analysis
Findings Report
Based on intelligence gathered from an ICS device placed directly onto the Internet, 14 Oct 2014 through 27 Dec 2014
28 Nov 2015
Contact Information
For more information about Project RUGGEDTRAX, please send correspondence to:
Project RUGGEDTRAX Inquiries
projectruggedtrax@infracritical.com
Introduction
This project is a subset of Project SHINE (SHodan Intelligence Extraction), providing one example of what
happens when a device is connected directly to the Internet.
At no point was this project intended to identify any shortcomings in the manufacturer's efforts to
remediate known vulnerabilities, nor to place any blame or allegation of negligence on the manufacturer in
any manner whatsoever. The specific device was chosen to provide a simplified example that could be
easily demonstrated as substantiation of the position taken in Project SHINE. It should be noted that the
device used runs an out-of-date version of its firmware that is subject to one or more known
vulnerabilities. The manufacturer has previously remediated those firmware versions by releasing updated
versions; it is strongly suggested that any asset owners running this specific firmware version
update/upgrade to the latest version as a precaution.
Objective
The objective of this project is to provide some form of substantiation that directly connecting an ICS
device to the Internet can have consequences. The premise of the project was to:
(1) Obtain current ICS equipment through public sources (eBay), and deploy this equipment as
actual cyber assets controlling a perceived critical infrastructure environment;
(2) Ascertain any pertinent threat or attack vectors, as well as the scope and magnitude of any attacks
against the perceived critical infrastructure environment;
(3) Record network access attempts, and analyze captured network packets for any patterns; and,
(4) Report redacted findings for public awareness to governments and media outlets.
Device Specifications
The equipment chosen is a serial-to-Ethernet converter that has the capability of controlling two (2) ICS
devices using either the MODBUS/TCP or DNP3 network protocol.
The manufacturer is Siemens RuggedCom, and the device model is the RS910, a 2-port, DIN rail-mounted
serial-to-Ethernet converter; a hardware diagram is shown below:
Figure 1.
The device is running firmware release 3.8.0. This version of the firmware is susceptible to several
publicly known vulnerabilities, including the factory backdoor vulnerability, in which an adversary bypasses
the device's authentication by logging in with an undocumented "factory" account whose password is
derived from the device's own MAC address, thereby obtaining administrative privileges. This account was
originally provided as a recovery method should an asset owner's administrator lose privileged access to a
Siemens RuggedCom device; it has since been remediated by Siemens RuggedCom.
Device Configuration
The device can communicate using the following protocols: TELNET, Trivial FTP (TFTP), Remote Shell
(RSH), Secure Shell (SSH), SNMP, HTTP/HTTPS, MODBUS/TCP and DNP3. After resetting the device to
factory defaults, all of these protocols are enabled and available.
For this project the following protocols were disabled: TELNET, TFTP, RSH, SNMP, and MODBUS/TCP.
HTTP/HTTPS and SSH are always required for management (other than via the serial console), and the
number of permitted connections cannot be reduced below ONE (1). NOTE: The DNP3 protocol cannot be disabled.
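A configuration like the one above is only as good as what actually answers from the outside, so the check a practitioner wants is an external probe compared against the intended state. The following Python script is an added example (it is not code from the report or from Siemens); it assumes the device listens on the standard IANA port for each protocol listed, which the report does not state, and it treats anything answering on a port the configuration was meant to close as unintended exposure.

```python
"""Residual-exposure check for a gateway placed directly on the Internet.

Added example, not part of the RUGGEDTRAX report.  Port numbers are the
IANA-standard ones and are an assumption about the device.
"""
import socket

# Standard port for each protocol the report lists (assumed; the report
# gives no port numbers).  (port, transport) -> service name.
SERVICE_PORTS = {
    (23, "tcp"): "TELNET",
    (69, "udp"): "TFTP",
    (514, "tcp"): "RSH",
    (22, "tcp"): "SSH",
    (161, "udp"): "SNMP",
    (80, "tcp"): "HTTP",
    (443, "tcp"): "HTTPS",
    (502, "tcp"): "MODBUS/TCP",
    (20000, "tcp"): "DNP3",
}

# What the report says stayed enabled (HTTP/HTTPS and SSH are required for
# management, DNP3 cannot be disabled); everything else was switched off.
INTENDED_ENABLED = {"SSH", "HTTP", "HTTPS", "DNP3"}


def expected_open_ports(enabled=INTENDED_ENABLED):
    """TCP ports that should answer if the configuration took effect."""
    return sorted(port for (port, proto), name in SERVICE_PORTS.items()
                  if proto == "tcp" and name in enabled)


def classify(open_ports, enabled=INTENDED_ENABLED):
    """Split observed open TCP ports into intended and unintended exposure."""
    intended, unintended = [], []
    for port in sorted(open_ports):
        name = SERVICE_PORTS.get((port, "tcp"), "unknown/%d" % port)
        (intended if name in enabled else unintended).append(name)
    return intended, unintended


def tcp_connect_scan(host, ports, timeout=2.0):
    """Minimal connect() probe from an outside vantage point.  UDP services
    (TFTP, SNMP) are not covered by this and need a separate probe."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


if __name__ == "__main__":
    import sys
    # Only probe equipment you own or are authorised to test.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder (TEST-NET-1)
    tcp_ports = [p for (p, proto) in SERVICE_PORTS if proto == "tcp"]
    intended, unintended = classify(tcp_connect_scan(host, tcp_ports))
    print("intended exposure  :", intended)
    print("UNINTENDED exposure:", unintended)
```

Run it from a host outside the device's network, not from the management LAN, so that the result reflects what an Internet scanner sees; a TELNET or MODBUS/TCP hit in the unintended list means the configuration did not take or was reset to factory defaults.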
The device was portrayed and configured as a water pump at a wellhead for a local municipality; in this
case, the local government is Geneva, Illinois.
The contact name is fictitious; any resemblance to any individual with a similar name is entirely
coincidental. A screen shot of the redacted web interface is shown below:
Figure 2. (see footnotes [1] and [2])
[1] The names "RUGGEDCOM", "Rugged Operating System", and "ROS" are copyright and registered trademarks of Siemens RuggedCom.
[2] The names "goahead" and "goahead WEBSERVER" are copyright Embedthis Software.
The device was placed online on 14-Oct-2014 (Tuesday), and taken out of service on 27-Dec-2014 (Saturday).
Once placed directly on the Internet, the device was monitored closely for any activity. For the sake of
brevity, this report is limited to the 53 countries observed, listed by count in descending order (in the
original table, top-to-bottom, left-to-right), as follows:
Country                  Count   Percent
China                   125299   89.2424
France                    3344    2.3817
United States             3247    2.3126
Germany                   1794    1.2778
Korea                     1602    1.141
Singapore                 1576    1.122
Tunisia                    509    0.363
Ukraine                    327    0.233
Indonesia                  253    0.180
Canada                     220    0.157
Turkey                     198    0.141
Italy                      196    0.140
Japan                      193    0.137
Poland                     185    0.132
Netherlands                183    0.130
Lithuania                  178    0.127
United Kingdom             159    0.113
Hong Kong                  137    0.098
Russian Federation         105    0.075
Brazil                      85    0.061
Vietnam                     81    0.058
Sweden                      76    0.054
Belarus                     65    0.046
Austria                     64    0.046
Taiwan                      56    0.040
Panama                      47    0.033
Peru                        45    0.032
Mexico                      44    0.031
Kazakhstan                  25    0.018
Norway                      17    0.012
Israel                      12    0.009
Estonia                     10    0.007
India                        8    0.006
Hungary                      7    0.005
Iran                         7    0.005
Malaysia                     7    0.005
Romania                      7    0.005
Belgium                      6    0.004
Moldova                      6    0.004
Greece                       3    0.002
Spain                        3    0.002
Thailand                     3    0.002
Australia                    2    0.001
Kenya                        2    0.001
Pakistan                     2    0.001
Argentina                    1    0.0007
Costa Rica                   1    0.0007
Czech Republic               1    0.0007
Denmark                      1    0.0007
Ecuador                      1    0.0007
Ireland                      1    0.0007
Satellite Provider [3]       1    0.0007
Slovakia                     1    0.0007
Table 1.
In the original table the top country is highlighted in red and the remaining four top-most countries in
yellow; together the five top-most countries represent 96.3555%, or 135,286 out of 140,403 non-unique entries.
[3] Based on the IP address, this belonged to an undisclosed satellite provider.
Percentages
Chinese-based IP addresses represent 89.2424%; the next 4 countries represent 7.1131%; and the remaining
48 countries represent 3.6445%, out of a total of 53 countries.
Counts
Chinese-based IP addresses represent 125,299 non-unique entries; the next 4 countries represent 9,987
non-unique entries; and the remaining 48 countries represent 5,117 non-unique entries.
The total count is 140,403 non-unique entries out of 140,430 total entries.
The difference represents 27 erroneous entries (or 0.0192%) attributed to network connection retries.
The margin of error is ±3.04%.
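The counting method behind Table 1 and the figures above (drop connection retries, attribute each remaining entry to the country of its source address, then report counts, shares and the top-N share) is reproduced below as an added example in Python; it is not the project's own tooling. The log lines and the prefix-to-country map are constructed for the example (documentation address ranges), and the retry rule, that a repeat of the same source ip:port to the same destination port within ten seconds is a TCP retransmission rather than a new attempt, is an assumption about what the report calls "network connection retries". A real run would replace the prefix map with a GeoIP database lookup.

```python
"""Country aggregation of connection attempts, as in Table 1 of the report.

Added example, not the project's own code.  LOG and PREFIX_COUNTRY are
constructed; the retry window is an assumption.
"""
from collections import Counter
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed prefix map using documentation ranges (RFC 5737).  A real run
# would consult a GeoIP database instead.
PREFIX_COUNTRY = {
    "198.51.100.0/24": "China",
    "203.0.113.0/25": "France",
    "203.0.113.128/25": "United States",
    "192.0.2.0/24": "Germany",
}
NETS = [(ipaddress.ip_network(p), c) for p, c in PREFIX_COUNTRY.items()]

# Constructed connection log: "<date> <time> <src ip>:<src port> -> <dst port>".
# The first three lines are one connection and its SYN retransmissions.
LOG = """\
2014-10-14 03:12:07 198.51.100.7:51412 -> 22
2014-10-14 03:12:08 198.51.100.7:51412 -> 22
2014-10-14 03:12:10 198.51.100.7:51412 -> 22
2014-10-14 03:12:11 198.51.100.7:51413 -> 22
2014-10-14 03:15:44 203.0.113.9:40021 -> 22
2014-10-14 04:02:01 203.0.113.200:3391 -> 443
2014-10-14 04:02:01 192.0.2.33:60001 -> 80
2014-10-14 04:09:13 198.51.100.44:22001 -> 22
"""

LINE = re.compile(r"^(\S+ \S+) (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+)$")
RETRY_WINDOW = timedelta(seconds=10)  # assumed: retransmit reuses the source port


def parse(log):
    """Return (timestamp, src_ip, src_port, dst_port) tuples, skipping junk lines."""
    out = []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        out.append((ts, m.group(2), int(m.group(3)), int(m.group(4))))
    return out


def drop_retries(records):
    """Remove entries that repeat the same src ip:port -> dst port within the window."""
    kept, last_seen = [], {}
    for ts, ip, sport, dport in sorted(records):
        key = (ip, sport, dport)
        prev = last_seen.get(key)
        last_seen[key] = ts
        if prev is not None and ts - prev <= RETRY_WINDOW:
            continue
        kept.append((ts, ip, sport, dport))
    return kept


def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, country in NETS:
        if addr in net:
            return country
    return "Unknown"


def country_table(records):
    """[(country, count, percent)] in descending count order, as in Table 1."""
    counts = Counter(country_of(ip) for _, ip, _, _ in records)
    total = sum(counts.values())
    return [(c, n, round(100.0 * n / total, 4)) for c, n in counts.most_common()]


def top_share(table, k=5):
    """Percentage of all entries carried by the top-k countries."""
    total = sum(n for _, n, _ in table)
    return round(100.0 * sum(n for _, n, _ in table[:k]) / total, 4)


if __name__ == "__main__":
    raw = parse(LOG)
    clean = drop_retries(raw)
    print("total entries: %d, after retry removal: %d" % (len(raw), len(clean)))
    for country, n, pct in country_table(clean):
        print("%-16s %6d %8.4f" % (country, n, pct))
```

The retry count (total minus kept) is what the report calls erroneous entries; tightening or loosening RETRY_WINDOW changes that number directly, so state the window alongside the figure when publishing such a table.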
Graph (Country Count Distribution)
The graph (shown below) demonstrates just how skewed the access attempts against the device were when
grouped by the country of the source IP address(es). Please note that this does not imply that the country
identified is representative of nation-state sanctioned activity; it is merely representative of the IP
addresses correlated to the network address blocks allocated to that country.
Table 2.
Graph (IP Network Address Count Distribution)
The graph (shown below) shows the top 5 IP addresses within the 140,403-entry count distribution, which
together account for 12,112 entries, representing 8.6266% of the total count. Of the 5 IP addresses
identified, numbers 1, 3, 4 and 5 are Chinese-based IP addresses and number 2 is a French-based IP address,
with the following counts:
China: 3044, 2258, 2175, and 2056.
France: 2579.
Table 3.
The top 5 IP addresses are part of a total of 651 IP addresses, excluding 3 IP addresses used for local
and/or remote access during the packet capture and evaluation.
Conclusion
Based on the data examined, the majority of the access attempts originated from IP addresses belonging
to China. This does not mean or imply that any of the access attempts were conducted by anyone from the
Chinese nation, its government, or any organization based in China.
The originating IP addresses may have been proxied in an effort to mask the true sources.
It would be an assumption to say that these access attempts were directed specifically at critical
infrastructure; however, the data does not rule out that such targeted attempts occurred. The majority of
the attempts appear to be automated, with repeated attempts several times within 1-2 seconds of each
other over the course of several minutes. The only exception would be attempts against accounts other
than "root", which appear to have been made manually ("admin", "support", "test", "bin", "mysql", et al.).
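The automated-versus-manual distinction drawn above rests on timing: scripted guessing lands attempts a second or two apart for minutes, while a person typing account names leaves gaps of tens of seconds. The following Python is an added example of that heuristic applied per source address (it is not the project's analysis code); the attempt log is constructed, and the 2-second gap threshold and the minimum of three attempts needed for a verdict are assumptions.

```python
"""Automated-vs-interactive classification of login attempts by inter-arrival
time, the heuristic the report's conclusion applies.

Added example, not the project's own code.  ATTEMPTS is constructed; the
thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed attempt log: "<date> <time> <source ip> <username>".
ATTEMPTS = """\
2014-11-02 10:00:00 198.51.100.7 root
2014-11-02 10:00:01 198.51.100.7 root
2014-11-02 10:00:03 198.51.100.7 root
2014-11-02 10:00:04 198.51.100.7 root
2014-11-02 10:00:06 198.51.100.7 root
2014-11-02 10:00:07 198.51.100.7 root
2014-11-02 11:30:10 203.0.113.9 admin
2014-11-02 11:30:52 203.0.113.9 support
2014-11-02 11:31:41 203.0.113.9 test
2014-11-02 11:33:05 203.0.113.9 mysql
2014-11-02 12:15:00 192.0.2.33 root
"""

FAST_GAP_S = 2.0   # assumed: scripted retries arrive within 1-2 s of each other
MIN_ATTEMPTS = 3   # assumed: fewer attempts than this gives no usable gap statistic


def parse(text):
    """Group (timestamp, username) events by source IP."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        date, time, ip, user = line.split()
        ts = datetime.strptime(date + " " + time, "%Y-%m-%d %H:%M:%S")
        by_src[ip].append((ts, user))
    return by_src


def classify_source(events):
    """Return (verdict, median_gap_seconds, usernames) for one source.

    verdict is 'automated', 'interactive' or 'inconclusive'.  The median gap
    is used rather than the mean so one long pause does not hide a script.
    """
    events = sorted(events)
    users = sorted({u for _, u in events})
    if len(events) < MIN_ATTEMPTS:
        return "inconclusive", None, users
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    med = median(gaps)
    verdict = "automated" if med <= FAST_GAP_S else "interactive"
    return verdict, med, users


def classify_all(text):
    """Map each source IP to its (verdict, median gap, usernames) tuple."""
    return {ip: classify_source(ev) for ip, ev in parse(text).items()}


def verdict_counts(text):
    """How many sources fell into each verdict class."""
    counts = defaultdict(int)
    for verdict, _, _ in classify_all(text).values():
        counts[verdict] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, (verdict, gap, users) in classify_all(ATTEMPTS).items():
        print("%-15s %-12s median gap=%s users=%s" % (ip, verdict, gap, ",".join(users)))
    print(verdict_counts(ATTEMPTS))
```

The usernames are reported alongside the verdict so the reader can see the pattern the report describes: fast root-only streams on one side, slow walks through "admin", "support", "test" and "mysql" on the other. A source that trips the automated threshold while cycling many usernames is still automated; the username list only refines, never overrides, the timing verdict.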
In conclusion, the data provided within this report, as well as through the GitHub repository, will allow
anyone to see the volume of probing that unprotected devices may experience. As this experiment was
conducted for only 75 days (roughly 2.5 months), it demonstrates the intensity with which these probes
are performed.
This data is being released publicly in an attempt to provide further awareness and understanding of the
magnitude of the problem of placing equipment directly onto the Internet without any form of protection
whatsoever. Please use the data as you see fit; however, we request that credit be given to
"Infracritical" should you use any or all of the data set.
This report may be found on SlideShare:
http://www.slideshare.net/BobRadvanovsky/project-ruggedtrax-findings-report-28nov2015
The supporting data may be found on GitHub:
https://github.com/infracritical/ruggedtrax
 
CIA Knew About Stuxnet over a Decade Ago (Google search results)
CIA Knew About Stuxnet over a Decade Ago (Google search results)CIA Knew About Stuxnet over a Decade Ago (Google search results)
CIA Knew About Stuxnet over a Decade Ago (Google search results)
 
CIA Knew About Stuxnet over a Decade Ago (current page, Part 2)
CIA Knew About Stuxnet over a Decade Ago (current page, Part 2)CIA Knew About Stuxnet over a Decade Ago (current page, Part 2)
CIA Knew About Stuxnet over a Decade Ago (current page, Part 2)
 
IANS-2008
IANS-2008IANS-2008
IANS-2008
 
ACS-2010
ACS-2010ACS-2010
ACS-2010
 
ABA-ISC-2009
ABA-ISC-2009ABA-ISC-2009
ABA-ISC-2009
 

Recently uploaded

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 

Recently uploaded (11)

Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 

Project RUGGEDTRAX Findings Report (28-Nov-2015)

  • 1. This following findings report contains specific details of devices that are directly connected to the Internet that may be utilized for mission critical operations associated with one (or more) critical infrastructure sectors (and their respective industries). Information contained within this report should only be used for awareness purposes.

This document is licensed under Creative Commons v4.0: http://creativecommons.org/licenses/by-nc/4.0

LEGAL DISCLAIMER
Project RUGGEDTRAX is a research project designed to observe and gather data used to provide some proof of any threats and risk associated with SCADA and industrial control system devices that appear to be directly connected to the Internet. The project is but one of several projects to raise public awareness of such devices that may impact one (or more) critical infrastructure sectors (and their respective industries), while demonstrating and providing quantifiable proof of any impacts to these devices that are publicly accessible through the Internet.

Project RUGGEDTRAX – Creative Commons v4.0: Attribution/Non-Commercial Use Page 1 Findings Report – 28 Nov 2015 Infracritical – Your Infrastructure, Their Future

Project RUGGEDTRAX
SCADA/ICS Analysis Findings Report
Based on intelligence gathered from an ICS device placed directly onto the Internet, 14 Oct 2014 through 27 Dec 2014
28 Nov 2015
  • 2. Contact Information
For more information about Project RUGGEDTRAX, please send correspondence to:
Project RUGGEDTRAX Inquiries
projectruggedtrax@infracritical.com

Introduction
This project is a subset of Project SHINE (SHodan Intelligence Extraction), providing one example of what would happen if a device were to be directly connected to the Internet.

At no point in time was this project intended to identify any shortcomings of the manufacturer’s efforts in remediating any of the known vulnerabilities, nor was it intended to place any blame or negligence on the manufacturer in any manner whatsoever. The specific device was chosen to provide a simplified example which could be easily demonstrated as a form of substantiation of our position provided through Project SHINE.

It should be noted that the device utilized has an out-of-date version of its firmware that is subject to one or more known vulnerabilities that currently exist. The manufacturer has previously taken steps to remediate those versions of firmware by providing updated versions; it is strongly suggested that any asset owners running this specific version of firmware update/upgrade to the latest version as a precautionary effort.

Objective
The objective of this project is to provide some form of substantiation that directly connecting an ICS device onto the Internet could have consequences. As such, the premise of this project was to:
(1) Obtain current ICS equipment through public sources (eBay), and deploy this equipment as actual cyber assets controlling perceived critical infrastructure environments;
(2) Ascertain any pertinent threat or attack vectors, as well as the scope and magnitude of any attacks against the perceived critical infrastructure environments;
(3) Record network access attempts, and analyze captured network packets for any patterns; and,
(4) Report redacted findings for public awareness to governments and media outlets.
  • 3. Device Specifications
The equipment chosen is a serial-to-Ethernet converter that is capable of controlling two (2) ICS devices utilizing either the MODBUS/TCP or DNP3 network protocols. The manufacturer is Siemens RuggedCom, and the device model is RS910, which is a 2-port serial-to-Ethernet converter that is DIN rail-mounted; a hardware diagram is shown below.

Figure 1. Hardware diagram of the RS910.

The device is running firmware release version 3.8.0. This version of the firmware is susceptible to several publicly known vulnerabilities, including the factory backdoor vulnerability, in which an adversary may bypass security controls by executing an application to obtain administrative privileges through a generated factory account and password. This feature was previously available as a method of accessing the device should an asset owner administrator lose their administrative privileged access to any Siemens RuggedCom device, and has since been remediated by Siemens RuggedCom.
  • 4. Device Configuration
The device can communicate using the following protocols: TELNET, Trivial FTP (TFTP), Remote Shell (RSH), Secure Shell (SSH), SNMP, HTTP/HTTPS, MODBUS/TCP and DNP3. After resetting the device to factory defaults, all protocols are enabled and available. The following protocols were disabled: TELNET, TFTP, RSH, SNMP, and MODBUS/TCP. The protocols HTTP/HTTPS and SSH are always required (outside of the serial console), with minimal connectivity of at least ONE (1) allowed connection.

NOTE: The DNP3 protocol cannot be disabled.

The device was portrayed and configured as a water pump to a wellhead for a local municipality. In this case, the local government is Geneva, Illinois. The contact name is fictitious; any resemblance to any individuals with a similar name is entirely coincidental. A screen shot of the redacted web interface is shown below.

Figure 2. Redacted screen shot of the device web interface. [1] [2]

[1] The names “RUGGEDCOM”, “Rugged Operating System”, and “ROS” are copyright and registered trademarks of Siemens RuggedCom.
[2] The names “goahead” and “goahead WEBSERVER” are copyright Embedthis Software.
  • 5. The device was placed online 14-Oct-2014 (Tuesday), and taken out of service 27-Dec-2014 (Saturday). Once placed directly on the Internet, the device was monitored closely for any activity. For the sake of brevity, this report was limited to 53 countries, listing the countries with the most significant counts, top-to-bottom, left-to-right, which include the following:

| Country | Count | Percent |
|---|---|---|
| China | 125299 | 89.2424 |
| France | 3344 | 2.3817 |
| United States | 3247 | 2.3126 |
| Germany | 1794 | 1.2778 |
| Korea | 1602 | 1.141 |
| Singapore | 1576 | 1.122 |
| Tunisia | 509 | 0.363 |
| Ukraine | 327 | 0.233 |
| Indonesia | 253 | 0.180 |
| Canada | 220 | 0.157 |
| Turkey | 198 | 0.141 |
| Italy | 196 | 0.140 |
| Japan | 193 | 0.137 |
| Poland | 185 | 0.132 |
| Netherlands | 183 | 0.130 |
| Lithuania | 178 | 0.127 |
| United Kingdom | 159 | 0.113 |
| Hong Kong | 137 | 0.098 |
| Russian Federation | 105 | 0.075 |
| Brazil | 85 | 0.061 |
| Vietnam | 81 | 0.058 |
| Sweden | 76 | 0.054 |
| Belarus | 65 | 0.046 |
| Austria | 64 | 0.046 |
| Taiwan | 56 | 0.040 |
| Panama | 47 | 0.033 |
| Peru | 45 | 0.032 |
| Mexico | 44 | 0.031 |
| Kazakhstan | 25 | 0.018 |
| Norway | 17 | 0.012 |
| Israel | 12 | 0.009 |
| Estonia | 10 | 0.007 |
| India | 8 | 0.006 |
| Hungary | 7 | 0.005 |
| Iran | 7 | 0.005 |
| Malaysia | 7 | 0.005 |
| Romania | 7 | 0.005 |
| Belgium | 6 | 0.004 |
| Moldova | 6 | 0.004 |
| Greece | 3 | 0.002 |
| Spain | 3 | 0.002 |
| Thailand | 3 | 0.002 |
| Australia | 2 | 0.001 |
| Kenya | 2 | 0.001 |
| Pakistan | 2 | 0.001 |
| Argentina | 1 | 0.0007 |
| Costa Rica | 1 | 0.0007 |
| Czech Republic | 1 | 0.0007 |
| Denmark | 1 | 0.0007 |
| Ecuador | 1 | 0.0007 |
| Ireland | 1 | 0.007 |
| Satellite Provider [3] | 1 | 0.0007 |
| Slovakia | 1 | 0.0007 |

Table 1. The top-most country is highlighted in red; the remaining 4 top-most countries are highlighted in yellow. Of 100%, the 5 top-most countries represent 96.3555%, or 135,286 out of 140,403 non-unique entries.

[3] Based on the IP address, this belonged to an undisclosed satellite provider.
  • 6. Percentages
Chinese-based IP addresses represent 89.2424%; the next 4 countries represent 7.1131%; and the remaining 48 countries represent 3.6445%, out of a total of 53 countries.

Counts
Chinese-based IP addresses represent 125,299 non-unique entries; the next 4 countries represent 9,987 non-unique entries; and the remaining 48 countries represent 5,117 non-unique entries. The total count is 140,403 non-unique entries out of 140,430 total entries. The difference represents 27 erroneous entries (or 0.0192%) due to network connection retries. The margin of error is ±3.04%.

Graph (Country Count Distribution)
The graph (shown below) demonstrates just how skewed the access attempts against the device were when broken down by country-based IP address(es). Please note that this does not imply that the country identified is representative of nation-state sanctioned activity; it is merely representative of the IP addresses correlated to a specific network address block for that country.

Table 2. Country count distribution graph.
  • 7. Graph (IP Network Address Count Distribution)
The graph (shown below) shows the top 5 IP addresses that are part of the 140,403 count distribution, with a combined count of 12,112, representing 8.6266% of the total count. Of the 5 IP addresses identified, numbers 1, 3, 4 and 5 are Chinese-based IP addresses; number 2 is a French-based IP address. Their counts are as follows: China: 3044, 2258, 2175, and 2056. France: 2579.

Table 3. Top 5 IP address count distribution graph.

The top 5 IP addresses are part of a total of 651 IP addresses, minus 3 IP addresses used for local and/or remote access during the packet capture and evaluation.
  • 8. Conclusion
Based on the data examined, it appears that the majority of the access attempts originated from IP addresses belonging to the country of China. This does not mean nor imply that any of the access attempts were conducted by anyone from the Chinese nation, its government, or any organization based out of China. The originating IP addresses may be proxied in an effort to mask the originating IP address sources. It would be an assumption that these access attempts were directed specifically at critical infrastructure; however, this does not mean that such an attempted access could not exist.

The majority of the attempts appear to be automated, with repetitive attempts several times within 1-2 seconds of each other, over the course of several minutes. The only exception would be accounts other than “root”, which appear to be manually attempted (“admin”, “support”, “test”, “bin”, “mysql”, et al.).

In conclusion, the data provided within this report, as well as through the GitHub repository, will allow anyone to see the amount of probing attempts that unprotected devices may experience. As this experiment was conducted for only 75 days (roughly 2.5 months), this demonstrates the intensity with which these probes are performed. This data is being released publicly in an attempt to provide further awareness and understanding of the magnitude of how bad it is to place equipment directly onto the Internet without any form of protection whatsoever. Please utilize the data as you see fit; however, we request that credit be given to “Infracritical” should you utilize any or all of the data set.

This report may be found on SlideShare: http://www.slideshare.net/BobRadvanovsky/project-ruggedtrax-findings-report-28nov2015
The supporting data may be found on GitHub: https://github.com/infracritical/ruggedtrax
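The per-country and per-source aggregation behind Tables 1 and 3, together with the automated-versus-manual distinction drawn in the Conclusion, as an added example that is not part of the Infracritical report or its GitHub data set. The log format, IP addresses (documentation ranges), countries and usernames are constructed; the 1-2 second burst threshold is taken from the report's description.

```python
# Added example, not from the Infracritical report or its GitHub data set.
# Aggregates access attempts the way the report does (per-country counts and
# percentages, top-N source IPs) and flags sources whose attempts repeat
# within a 1-2 second gap as automated. All log lines below are constructed.
from collections import Counter, defaultdict
from datetime import datetime

# Constructed records: "<ISO timestamp> <source IP> <country> <username>".
SAMPLE_LOG = """\
2014-10-14T03:00:00 203.0.113.10 China root
2014-10-14T03:00:01 203.0.113.10 China root
2014-10-14T03:00:02 203.0.113.10 China root
2014-10-14T03:00:03 203.0.113.10 China root
2014-10-14T03:05:00 198.51.100.7 France root
2014-10-14T03:05:01 198.51.100.7 France root
2014-10-14T03:05:03 198.51.100.7 France root
2014-10-14T04:10:00 192.0.2.44 United States admin
2014-10-14T04:11:30 192.0.2.44 United States support
2014-10-14T04:13:05 192.0.2.44 United States test
2014-10-14T05:00:00 203.0.113.10 China root
"""

def parse_log(text):
    """Parse log lines into (timestamp, ip, country, user) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, *country, user = line.split()  # country may contain spaces
        records.append((datetime.fromisoformat(ts), ip, " ".join(country), user))
    return records

def country_distribution(records):
    """Per-country count and percent of all non-unique attempts, descending."""
    counts = Counter(r[2] for r in records)
    total = len(records)
    return [(c, n, round(100.0 * n / total, 4)) for c, n in counts.most_common()]

def top_sources(records, n=5):
    """Top-n source IPs with each one's share of the total attempt count."""
    counts = Counter(r[1] for r in records)
    total = len(records)
    return [(ip, k, round(100.0 * k / total, 4)) for ip, k in counts.most_common(n)]

def classify_sources(records, max_gap_s=2.0, min_burst=3):
    """Label a source 'automated' when at least min_burst consecutive attempts
    arrive no more than max_gap_s apart, otherwise 'manual'; also return the
    distinct usernames it tried (the report saw non-root names tried manually)."""
    by_ip = defaultdict(list)
    for ts, ip, _country, user in sorted(records):
        by_ip[ip].append((ts, user))
    labels = {}
    for ip, attempts in by_ip.items():
        run = longest = 1
        for (prev, _), (cur, _) in zip(attempts, attempts[1:]):
            run = run + 1 if (cur - prev).total_seconds() <= max_gap_s else 1
            longest = max(longest, run)
        label = "automated" if longest >= min_burst else "manual"
        labels[ip] = (label, sorted({u for _, u in attempts}))
    return labels

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for country, n, pct in country_distribution(recs):
        print(f"{country:<15} {n:>5} {pct:>8.4f}%")
    for ip, (label, users) in classify_sources(recs).items():
        print(ip, label, users)
```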