Story image

ESET to take on Industroyer malware & 'post-truth plague' at Black Hat

13 Jul 2017

ESET is set to reveal the underside of the notorious Industroyer malware and the “post-truth plague” that muddies the waters of cybersecurity advice at the upcoming Black Hat information security conference in Las Vegas later this month.

The global security firm originally discovered Win32/Industroyer, a powerful malware that targets industrial control systems such as switches and circuit breakers.

The Industroyer malware is probably behind the December 2016 power outages in Ukraine, but so far this has not been confirmed by ESET researchers, but already this particular malware is much more powerful.

Researchers speculate that unlike the BlackEnergy and Killdisk malware that hit Ukraine in 2015, the Industroyer malware is much more advanced as it directly targeted switches and circuit breakers.

Anton Cherepanov, ESET senior malware researcher, says that the malware creators display highly specialised knowledge and could not have been made by amateurs.

“These switches and circuit breakers are digital equivalents of analogue switches; technically they can be engineered to perform various functions. Thus, the potential impact may range from simply turning off power distribution, to cascading failures and more serious damage to equipment,” he states in a blog post.

In a further research report, he says that, “It seems very unlikely anyone could write and test such malware without access to the specialized equipment used in the specific, targeted industrial environment”.

Cherepanov’s talk at Black Hat will also feature fellow ESET senior malware researcher Robert Lipovsky, Dragos senior threat analyst Joe Slowik, Dragos threat operations center director Ben Miller and Dragos CEO Robert Lee.

ESET will also host a session on evaluating ‘bold claims’ from security vendors that are a little too eager to capitalise on the burgeoning cybersecurity industry as it explodes.

With widely-publicised attacks such as WannaCry, NotPetya and nation-state hacking dominating the threat space, ESET says businesses and consumers need to know how to take action to protect themselves.

That may be easier said than done, with myths and marketing surrounding cybersecurity products at every turn.

“Is it really possible to defend networks with 'machine learning' and 'artificial intelligence' alone? Why can't we always stop new threats? Is there still honesty in the cyber-security industry,” the company puts forth.

At the Black Hat event, ESET CTO Juraj Malcho will talk about what he calls the ‘post-truth plague’ that confuses businesses and consumers alike, and ultimately how it does more harm than good.

Australians unsure of who is responsible for the safety of their information
According to a recent survey conducted by SOTI, Australians are increasingly concerned about the security of their health records.
Europol makes 61 arrests & nets €6.2 million in dark web crackdown
60 experts from 19 countries, Europol, and Eurojust were involved in hunting for activities including the illegal sale and signs of counterfeit goods and money, drugs, cybercrime, document fraud, non-cash payment fraud, trafficking in human beings and trafficking in firearms and explosives. 
The silver lining in Australia’s Government cloud strategy
Cloud has been a huge part of the ‘digital transformation’ conversation within Australian government during recent years.
Milestone: How video and IoT are finding their place in enterprise
Milestone Systems South Pacific country manager Jordan Cullis talks about three trends that will revolutionise the way video is viewed in 2019 and beyond.
Largest DDoS-for-hire websites responsible for 11% of attacks worldwide – Nexusguard
The FBI’s shutdown of the world’s 15 largest DDoS-for-hire “booter” websites in December resulted in 85% decrease in average attack sizes, year-over year.
Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.