VB2018 preview: Anatomy of an attack: detecting and defeating CRASHOVERRIDE

Posted by   Martijn Grooten on   Sep 26, 2018

One of the many highlights of last year's Virus Bulletin Conference was a last-minute paper by ESET researchers Anton Cherepanov and Robert Lipovsky on Industroyer, 'the first ever malware specifically designed to attack power grids' and which was behind a December 2016 blackout in Ukraine.

This year, the VB2018 conference programme includes a paper by Dragos researcher Joe Slowik, who performs a thorough analysis of the malware his company dubs 'CRASHOVERRIDE'.

Joe explains in his paper that, rather than a single piece of malware, CRASHOVERRIDE is best understood as an event with multiple inter-dependent stages. His paper looks at all these stages, thus not only providing a very welcome analysis of one of this decade's most important malware attacks, but also giving ICS operators and defenders a good idea as to how CRASHOVERRIDE-like attacks can be detected, mitigated and defeated.

figure5_CRASHOVERRIDE_Program_Flow.png

Joe's paper is among the more than 50 presentations on the VB2018 programme, which also includes a paper by the aforementioned Anton Cherepanov, who this year will speak about an APT attack taking place in Central Asia.

VB2018 takes place in Montreal next week. It is still possible to register!

VB2018-withdate-325w.jpg

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2019 conference programme announced

VB is excited to reveal the details of an interesting and diverse programme for VB2019, the 29th Virus Bulletin International Conference, which takes place 2-4 October in London, UK.

VB2018 paper: Under the hood - the automotive challenge

Car hacking has become a hot subject in recent years, and at VB2018 in Montreal, Argus Cyber Security's Inbar Raz presented a paper that provides an introduction to the subject, looking at the complex problem, examples of car hacks, and the…

VB2018 paper and video: Android app deobfuscation using static-dynamic cooperation

Static analysis and dynamic analysis each have their shortcomings as methods for analysing potentially malicious files. Today, we publish a VB2018 paper by Check Point researchers Yoni Moses and Yaniv Mordekhay, in which they describe a method that…

VB2019 call for papers closes this weekend

The call for papers for VB2019 closes on 17 March, and while we've already received many great submissions, we still want more!

Registration open for VB2019 ─ book your ticket now!

Registration for VB2019, the 29th Virus Bulletin International Conference, is now open, with an early bird rate available until 1 July.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.