Attacks on critical infrastructure are becoming more and more rampant, especially since 2019. Ransomware has become a necessary subject of study for stakeholders and personnel, and has also had a substantial operational impact on industrial control system (ICS) environments. The continuous evolution of ransomware and the peculiarities of the ICS environment make it difficult to ensure that ICSes are protected from ransomware attacks under operating conditions. In this talk, in addition to in-depth analysis of the ransomware behaviors and ransomware-related techniques that have affected ICS environments, we also propose effective defense methods and strategies perfected to ICS environments to strengthen protection against ransomware.

In this talk, we surveyed firsthand many real ICS and SCADA systems, performing penetration testing on several of them. We counted the attack vectors present in this real ICS environment. In our presentation, we will share serveral real-world ICS and SCADA examples on Critical Manufacturing. We will also give a behind-the-scenes view (starting with real-world ICS security assessment) based on different ICS/SCADA systems in several CI sectors. Finally, we will provide serveral sample attack demos. We recreated these in our lab to demonstrate the attacks against real-world ICS equipment in-depth. We will also review 6 common defense strategies to help secure an ICS environment. We believe that such an analysis will help the enhancement of subsequent defense strategies.

This talk briefly presents several misconfigurations that are abused by attacker to compromised domain controller. In advance, taking apart an attack path from usually ignored misconfigurations allowing attacker to control entire Active Directory service.