![]() ![]() Dragos recommends the following defensive mitigations. ![]() All of these capabilities can lead to a loss of safety, availability, and control of an industrial environment, dramatically increasing time-to-recovery, while potentially placing lives, livelihoods, and communities at risk.ĭue to the historic and expansive nature of PIPEDREAM, mitigating the CHERNOVITE threat will require a robust strategy, and not simply applying cybersecurity fundamentals. These combined components allow CHERNOVITE to enumerate an industrial environment, infiltrate engineering workstations, exploit process controllers, cross security and process zones, fundamentally disable controllers, and manipulate executed logic and programming. PIPEDREAM accomplishes this far-reaching impact through a series of five components that Dragos labels: Mapping CHERNOVITE/PIPEDREAM Behaviors to MITRE ATT&CK for ICS Matrix Said simply, a focus on the equipment vendor is misplaced, and instead the focus should be placed on the tactics and techniques the adversary is leveraging. While CHERNOVITE is specifically targeting Schneider Electric and Omron PLCs, there could be other modules targeting other vendors as well, and PIPEDREAM’s functionality could work across hundreds of different controllers. PIPEDREAM is not currently taking advantage of any Schneider or Omron vulnerabilities, instead it leverages native functionality. Together, PIPEDREAM can affect a significant percentage of industrial assets worldwide. 1 PIPEDREAM can manipulate a wide variety of industrial control programmable logic controllers (PLC) and industrial software, including Omron and Schneider Electric controllers, and can attack ubiquitous industrial technologies including CODESYS, Modbus, and Open Platform Communications Unified Architecture (OPC UA). ĬHERNOVITE’s PIPEDREAM can execute 38 percent of known ICS attack techniques and 83 percent of known ICS attack tactics. Dragos assesses with high confidence that PIPEDREAM has not yet been employed in the wild for destructive effects. PIPEDREAM is a modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment.ĭragos identified and analyzed PIPEDREAM’s capabilities through our normal business, independent research, and collaboration with various partners in early 2022. The CHERNOVITE Activity Group (AG) developed PIPEDREAM. PIPEDREAM is the seventh known industrial control system (ICS)-specific malware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |