Cyber attacks against Industrial Control Systems are one of the major concerns for worldwide manufacturing companies. With the growth of emerging technologies, protecting large-scale Critical Infrastructures has become a considerable research topic in the past decade. Nowadays, software used to monitor Industrial Control Systems might be malicious and cause harm not only to physical processes but also to people working in industrial environments. To that end, integrating safety and security in Industrial Control Systems requires a well-developed understanding of malware-based cyber attacks. In this paper, we present a comparative analysis framework of ICS Malware in a bi-layered approach: A cyber threat intelligence layer based on the ICS cyber kill chain and a hybrid analysis layer based on a static and dynamic analysis of ICS malware. We evaluated our proposed method by experimenting five well-known ICS malware: Stuxnet, Havex, BlackEnergy2, CrashOverride, and TRISIS. Our comparative analysis results show different and similar strategies used by each ICS malware to disrupt the ICS environment.

The Rise of ICS Malware: A Comparative Analysis

Bernieri G.;Conti M.;
2022

Abstract

Cyber attacks against Industrial Control Systems are one of the major concerns for worldwide manufacturing companies. With the growth of emerging technologies, protecting large-scale Critical Infrastructures has become a considerable research topic in the past decade. Nowadays, software used to monitor Industrial Control Systems might be malicious and cause harm not only to physical processes but also to people working in industrial environments. To that end, integrating safety and security in Industrial Control Systems requires a well-developed understanding of malware-based cyber attacks. In this paper, we present a comparative analysis framework of ICS Malware in a bi-layered approach: A cyber threat intelligence layer based on the ICS cyber kill chain and a hybrid analysis layer based on a static and dynamic analysis of ICS malware. We evaluated our proposed method by experimenting five well-known ICS malware: Stuxnet, Havex, BlackEnergy2, CrashOverride, and TRISIS. Our comparative analysis results show different and similar strategies used by each ICS malware to disrupt the ICS environment.
2022
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
LECTURE NOTES IN ARTIFICIAL INTELLIGENCE
7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021
WOS:000771723100029
2-s2.0-85125265040
978-3-030-95483-3
978-3-030-95484-0
04.01 - Contributo in atti di convegno
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11577/3439718
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 14
  • ???jsp.display-item.citation.isi??? 1
  • OpenAlex ND
social impact