logo
allArticlesConferencesPresentations

The Hunt for Major League IoT-ICS Threats: A Deep Dive into IoT Threat Terrain

Conference:  BlackHat EU 2020

2020-12-10

Summary

The presentation discusses the use of hunting engines in cybersecurity and the next generation of IoT and ICS rate hunting systems. It also covers the process of deploying new hunting engines and the importance of automating the hunting process.
  • Hunting engines are used to quickly classify and investigate attacks on particular protocols
  • The next generation of hunting systems will focus on IoT and ICS rate hunting
  • Machine learning will be used for more precise hunting
  • Automating the hunting process can reduce malware investigation time
  • The process of deploying new hunting engines involves checking configuration files and deploying new images
  • The hunting process involves collecting data, analyzing it, and generating IOCs
The presentation includes a video demo of the process of deploying a new hunting engine and the steps involved in collecting and analyzing data. It emphasizes the importance of automating the hunting process to reduce investigation time and improve the accuracy of IOCs.

Abstract

Because the Internet of Things is a major part of modern life, security threats are everywhere. Security incidents as well as the results of our many threat hunts have shown us that hundreds of millions of devices have been traumatized by attackers' malicious actions, made part of large botnets, or disrupted through malicious programs taking advantage of zero-day or one-day vulnerabilities.In order to reinforce detection and defensive capabilities against such IoT-ICS threats, we have deployed hundreds of automated threat hunting engines worldwide. In the past year, we have received and analyzed more than 45 TB of traffic, detected over 1.1 billion attacks from over 200 countries, and hunted 400 million plus suspicious IPs, 30 million plus suspicious domains, and over 1 million malicious files (RATs, trojans, worms, ransomware, and so on). Among those malicious files, more than 40% are unknown -- VirusTotal couldn't recognize them. We also found that more than 1.1 million devices may have been assimilated into botnets.This talk will share in detail how we built an automated large-scale threat hunting system, and give a deep look into the overall threat situation and trends from 6 hunting examples from the past year. We will share the benefits and responses to the threats we found, and the next steps for our threat hunting project.
Materials:
Slides
Paper
Tags:

Post a comment

Related work

State of the Hack 2023

Conference:  RSA Conference 2023
Authors: Rob Joyce
2023-04-24

Can You Roll Your Own SIEM?

Conference:  BlackHat USA 2021
Authors:
2021-08-04

Deception at Scale: How Malware Abuses Trust

Conference:  Black Hat Asia 2023
Authors: Gerardo Fernandez Navarrete
2023-05-11

Looking at 4 years of web honeypot attacks: tactics, techniques and trends

Conference:  OWASP 20th Anniversary Event
Authors: Malcolm Heath, Raymond Pompon
2021-09-24

How we recovered $XXX,000 in Bitcoin from an encrypted zip file

Conference:  Defcon 28
Authors:
2020-08-01

Understanding the IoT Threat Landscape and a Home Appliance Manufacturer's Approach to Counter Threats to IoT

Conference:  BlackHat EU 2019
Authors:
2019-12-05