--[ Insights Into Foreign SCADA Bots Probing US OT Assets

Personal
$ getent passwd ptrainor
.
├─ name: Philip Trainor
└── org: Nozomi Networks

Experience

I have been a featured speaker at the RSA Conference (2x in SF, 2x in Singapore), Black Hat, DEF CON (1 Las Vegas, 1 Beijing), ToorCon, Association of Old Crows, CyberTech Israel, ISSA, and many others. I am highly comfortable on stage and I have a superior track record of delivering thoughtful, clear lectures. I am also very open to adhering to style and content requirements dictated by the AvengerCon program committee. It is my goal, as always, to impart unique information to the audience that they retain, and for them to leave the event with a stronger foundation of current cyber security knowledge to assist them in their professional roles.

Abstract

Foreign hackers and state intelligence agencies use automated bots to enumerate Industrial Control Systems assets within the United States for the purpose of ransoming those assets, conducting espionage, and/or waging cyber warfare. By collecting a large amount of data on the origin of these bots and on their attack and information-collecting techniques, we can better protect critical industrial resources from foreign attack.

As a result, our critical infrastructure is under constant network attack by foreign actors tasked with infiltration. Bots are a common tool used to interrogate the entirety of the US IP address space, looking for Operational Technology systems unknowingly exposed on the internet. This lecture will delve into the activities of these foreign-based bots and examine the real data derived from their attack campaigns. Attendees will leave with a better understanding of how foreign actors use bots in their pursuit of hacking US-based Industrial Control Systems.