Identified early in 2022, PIPEDREAM is the seventh known ICS-specific
malware and the fifth malware specifically developed to disrupt
industrial processes. PIPEDREAM demonstrates significant adversary
research and development focused on the disruption, degradation, and,
potentially, the destruction of industrial environments and physical
processes. PIPEDREAM can impact a wide variety of PLCs including Omron
and Schneider Electric controllers. PIPEDREAM can also execute attacks
that take advantage of ubiquitous industrial protocols, including
CODESYS, Modbus, FINS, and OPC-UA.
This presentation will summarize the malware and detail the
difficulties encountered during its reverse engineering and analysis,
including acquiring equipment and setting up our
lab. This talk will also release the latest results from Dragos's lab
including an assessment of the breadth of impact of PIPEDREAM's
CODESYS modules on equipment beyond Schneider Electric's PLCs, testing
Omron servo manipulation, as well as OPC-UA server manipulation.
While a background in ICS is helpful to understand this talk, it is
not required. The audience will learn about what challenges they can
expect to encounter when testing ICS malware and how to overcome them.