Over a period of months, several Guardian AST gas pump monitoring systems were attacked. These attacks occurred on real pump monitoring systems, but also on systems that we controlled, created, and deployed. We watched these attackers and what they did, and performed intelligence gathering on the nefarious actors.
Details and intelligence on who the attackers were, possible motivations behind the attacks, and detailed indicators of compromise will be shared in this talk. At the end of the talk, a script named Gaspot will be released, allowing anyone to deploy these virtual monitoring systems themselves.
Kyle Wilhoit is a Sr. Threat Researcher at Trend Micro on the Future Threat Research Team. Kyle focuses on original threat, malware, vulnerability discovery/analysis and criminal activity on the Internet. He also hunts for new malware like a rabid dog. Prior to joining Trend Micro, he was at FireEye hunting badness and puttin' the bruising on cyber criminals and state-sponsored entities as a Threat Intel guy. Prior to FireEye, he was the lead incident handler and malware guy at a large energy company, focusing on ICS/SCADA security and targeted persistent threats. He has also worked at a Tier 1 ISP playing with malware. Kyle is also involved with several open source projects and actively enjoys reverse engineering things that shouldn't be.
Stephen Hilt has been in Information Security and Industrial Control Systems (ICS) Security for around 10 years. With a bachelor's degree from Southern Illinois University, he started working for a large power utility in the Southeast of the United States. There Stephen gained an extensive background in Security Network Engineering, Incident Response, Forensics, Assessments and Penetration Testing. That is where Stephen started focusing on ICS Assessments, then moved to working as an ICS Security Consultant and Researcher for one of the foremost ICS Security Consulting groups in the world. In 2014, Stephen was named as having one of the coolest hacks by Dark Reading for his PLCPwn, a weaponized PLC. He has also published numerous ICS-specific Nmap scripts to identify ICS protocols via native commands. Stephen is now at Trend Micro as a Sr. Threat Researcher, continuing ICS research and diving into other areas of research. Over the past 10 years, Stephen has learned how to build, defend and attack ICS networks.