Cyber Threats on theIndustrial Environment

Eduardo Arriols Nuñez

1. Cyber Threats

2. Security Research

3. Conclusions

Cyber Threats

¿What is a Cyber Threat?

Everyone know about traditional threats but…

¿How many of you know all the real threats and risks on your company?

Risks associated to IoT

IT Network

Industrial Network

Security Research

1. Introduction

2. Control of the building

3. Organizations affected

4. Post-explotation

1. Introduction

2. Control of the building

3. Organizations affected

4. Post-explotation

Keep It Simple

1. Introduction

2. Control of the building

3. Organizations affected

4. Post-explotation

Building Management System

IntegratorsManufacturers

Find a backdoor: Existence of valid users in the system that werenot in the documentation.

• guest / *****

• test / ****

• demo / ****

1

Attack vector

Read access to BMS: Access to the BMS only with readpermissions.

2

Access to BMS configuration: Access with read permissions tosystem users and their encrypted passwords.

3

Attack vector

Identification of libraries: Access and download of BMS corelibraries with encryption and decryption functions.

4

Attack vector

Password decryption: Simple script for recovering the credentialsobtained before.

5

Attack vector

Access as administrator: Use of users and credentials obtained.6

Attack vector

1. Introduction

2. Control of the building

3. Organizations affected

4. Post-explotation

Location of vulnerable systems

Private companies

Banks

Hospitals

Airports

Industrial companies

Jails

Police departaments

Government buildings

Demo time

1. Introduction

2. Control of the building

3. Organizations affected

4. Post-explotation

More advance actions

Signal alteration

Automation of all actions

Access to industrial network of the building

Access to internal network of company

Launch advanced and targeted attacks on a city

Conclusions

New technology

New threats

Evolution of threats

New securitychecks

The Red Team exercise is the most specialized intrusion service that simulate a targetedattack from an adversary mindset. The exercises allows the company to identify their globalsecurity level, as well as the level of prevention and protection against targeted threats.

The only way to identify the global security and the Blue Team capabilities

Red Team Operations

DIGITAL SECURITY

SOCIAL ENGINEERING

PHYSICAL SECURITY

OFFENSIVE INTELLIGENCE

¿Questions?

Eduardo Arriols Nuñezeduardo_arriols@innotecsystem.com @_Hykeos