Lunch and learn for the Energy sector
Join us for peer-to-peer discussion over lunch

We've invited a handful of dedicated security professionals for a lunch event for the Energy sector. Join us to share experiences, get updated on the innovations occurring at mnemonic these days, and learn about our sector-specific partnerships.
Date: Wednesday 28.09.2022
Time: 10:00-13:00 incl. lunch
Location: mnemonic HQ, Henrik Ibsens gate 100, 0255 Oslo
Other: please reach out to [email protected] if you have any dietary restrictions
On December 17, 2016 there was an hour-long power outage in a fifth of Kyiv, Ukraine as a result of a cyberattack. The malware, known as Industroyer/CrashOverride, had support for IEC 60870-5-104 (IEC104), an ICS/SCADA network protocol used for high-level monitoring and control of electrical power systems, from control rooms to substations. Compromising a supervisory computer with such malware provides the attacker with potentially total control of the industrial control system.
This weakness was recognised by mnemonic before the attack, and we were finalising an IEC104 decoder for our intrusion detection system when it occurred. The decoder turns on the lights in an otherwise opaque stream of bytes, and enables us to observe and detect activity in electric power systems. Lately we have also established a reverse engineering team that is able to provide detailed insight into malware functionality.
On April 8, 2022 there was another cyberattack on the Ukrainian power grid. This malware also had support for IEC104 and was aptly dubbed Industroyer2 due to code similarities. As opposed to the first time, this time we had the ability to take it a step further and create unique, world-class detection capabilities.
A cross-departmental team at mnemonic analysed the malware to determine the kind of traffic it generated, and were able to identify unique patterns for detection. Finally, they combined this knowledge with the power of Argus' detection capabilities to produce (as far as we know) the only general, robust and easy to deploy network detection rule for Industroyer2 in the world.
Join us on Wednesday the 28th of September to learn more about the significance of this finding, and the process we went through to get there.
The full agenda is as follows:
10:00-10:10
Introductions
10:10-10:45
with Rafael Lukas Maers, Reverse Engineering Team Lead, mnemonic
How we found our unique detection rule for the Industroyer2 malware
10:45-11:00
Break
11:00-11:30
with Peter Szendröi, Technical Sales Engineer, Nozomi Networks
Nozomi's work on Industroyer2, and Nozomi's security and visibility platform
11:30-12:00
with Christian Heggen, Senior Threat Intelligence Advisor, CrowdStrike
In-depth threat landscape briefing tailored for the Energy sector
12:00-12:10
Concluding remarks
12:10-13:00
Lunch
Interested?
Please register by replying to your invitation email.