This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 29 September 2022, 12:00 - 12:30
Gergely (Geri) Revay (Fortinet)
In 2016 a cyber attack using the malware known as Industroyer cut power to part of Kyiv, Ukraine for about an hour. On 12 April 2022 CERT-UA reported an incident involving a new variant, Industroyer2 (also referred to as Industroyer.V2). Both samples are sophisticated pieces of software designed to create a cyber-physical impact on the electric grid.
In this presentation we use the threat intelligence published by industry on the Industroyer2 malware to show how such information can be evaluated and turned into active defensive measures in an OT organization. The scenario illustrates how sharing threat intelligence, when it is actionable, lets organizations improve their defences.
First, we analyse the publicly available reporting on the Industroyer2 malware and extract the actionable threat intelligence. Then we show how this information can be incorporated into an organization's risk assessment. Finally, we show how the updated risk assessment leads to the implementation of new countermeasures.
This presentation will be useful to all levels of the security organization, from threat analysts to CISOs. It also shows how to react to new threats and build mitigations from the available threat intelligence.
Gergely (Geri) Revay
Geri has more than 13 years of experience in cybersecurity. He started on this path by specializing in network and information security during his M.Sc. in computer engineering. Since then he has worked as a QA engineer for a security vendor and then moved to penetration testing, first as an external consultant for numerous companies and then as an internal consultant at Siemens. He is an ethical hacker at heart and a consultant by trade, experienced in executing penetration tests and security assessments in both IT and OT environments. Coming from the offensive security side, he has a deep understanding of how attackers think and operate, which is crucial for building defences. At FortiGuard Labs his focus is now on security research in binary analysis and reverse engineering for malware analysis and threat intelligence.