ICS/SCADA security threat landscape and control network hacking...
TRANSCRIPT
![Page 1: ICS/SCADA Security Threat Landscape and Control Network Hacking Demonstration secuinside.com/archive/2016/2016-1-2.pdf · 2016-07-21 · ICS/SCADA Security a Traditionally, SCADA networks have been segregated](https://reader030.vdocuments.mx/reader030/viewer/2022040603/5e9f4b832bcb796e04372516/html5/thumbnails/1.jpg)
ICS/SCADA Security Threat Landscape and Control Network Hacking Demonstration
Louis Hur
2016/3/14
Career highlights
• 2004 ~ Now – NSHC Inc, CEO
• 2014 ~ Now – SECUINSIDE Organizing Committee
• 2015 ~ Now – Kimchicon Organizer & Staff
• 2009 ~ Now – IssueMakersLab Researcher
• 2010 ~ Now – Red Alert Team Researcher
• 2015 ~ Now – Interpol (international organization), advisor on malware analysis
Recent activities
• 2016.04 – Null&Con in Singapore Speaker
• 2015.06 – 1st Kimchicon Speaker
• 2015.11 – 2015 Black Hat Amsterdam Speaker
• 2015.08 – 2015 HongKong CCS 2015 Speaker
Areas of interest
• Control system security and related software bug hunting
• Offensive Security Business Modeling
• Global Business structure
Part 1. NSHC ? Part 2. ICS/SCADA Security Part 3. Conclusion
Index
Let me introduce NSHC
Part 1. NSHC ?
General NSHC Inc. (Kor) Located at South Korea Senior Researcher: 58
NSHC Global (SIN) Located at Singapore Senior Researcher: 16
Advanced Hacking Lab
Zero-day Vulnerability Hunting Team
Security Training
Team
Red Alert Team NSHC United.
• CEO & Founder: Louis Hur
• Established: Mar. 2004
• Staff: 74
• Researchers: 56
Consulting & Training
- Vulnerability Scanner & Analysis
- Penetration Testing
- Information Security Consulting
- Real-world Hacking Simulation
- Mobile App Security Checking
Solutions
- nSafer: Encryption Library
- nFilter: Security Keypads
- Droid-X: Mobile Antivirus
- nOTP: OTP for Smart device
- App Protect: App Security Tool
Research
- Red Alert Service
- Zero-day Research
- APT & Threat Research
Reputation of Red Alert Team
2015.11 – Code blue Pwn2Own Winner
2015.07 – SECUINSIDE CTB contest award
2015 Year
Bug Hunting
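NSHC's Singapore subsidiary researched ICS security vulnerabilities in critical infrastructure such as power plants and airports. It focused on security intelligence, penetration testing, consulting and training services rather than products.
It sold ICS/SCADA security vulnerability information and data on corporate and personal information leaks to global companies and government agencies.
January 2016 - 전자신문 (Electronic Times)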
SCADA/ICS Service
Part 1. NSHC? Part 2. ICS/SCADA Security Part 3. Conclusion
Index
ICS/SCADA Security
http://www.risidata.com/Database/event_date/desc
https://www.shodan.io/
Search Keyword: siemens country:kr
https://www.shodan.io/
Search Keyword: sunny webbox
https://www.google.co.kr
Search Keyword: "모니터링 화면입니다" 태양 (Korean for "This is the monitoring screen" and "sun")
ICS/SCADA Security Date Customer Project Name
2014-5 Speaker at 2015 PoC Security conferences
Speaker at PoC Security Conference of New Threat of SCADA System (Include showing 0-day of SCADA System) – Encl(Attached file)
Project description : Success (SCADA Training Services)
SCADA 0-Day Demo
https://www.youtube.com/watch?v=PvfUUbS16F8
https://infogr.am/app/#/edit/45f624f3-72fe-46ba-b880-c9d0ec47806f
https://infogr.am/app/#/edit/48fde95f-c5eb-4ab2-b2ed-4e1c06f90744
Traditionally, SCADA networks have been segregated from other corporate networks to minimize exposure to unsecure areas, such as the Internet. Recently however, more organizations are connecting SCADA networks with other potentially unsecure networks in order to cut costs, share operational information, or distribute ordering/billing data. Even when connecting SCADA networks to other networks is prohibited by corporate policy, incorrectly installed systems can unintentionally bridge networks together - putting SCADA networks and the processes they control at risk.
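A defender-side check for the unintended bridging described above, as an added example that is not part of the original slides: it scans an asset inventory for hosts that hold an address in the control network and in any other zone. The zone address plan, the inventory records and the `ip_forward` field are all constructed assumptions.

```python
import ipaddress

# Assumed address plan for this example (constructed, not from the slides).
ZONES = {
    "control": [ipaddress.ip_network("10.10.0.0/16")],
    "corporate": [ipaddress.ip_network("172.16.0.0/12")],
    "dmz": [ipaddress.ip_network("192.168.50.0/24")],
}

# Constructed inventory: interface addresses and IP-forwarding state per host.
INVENTORY = [
    {"host": "hmi-01", "addrs": ["10.10.1.20"], "ip_forward": False},
    {"host": "historian-01", "addrs": ["10.10.2.5", "172.16.4.9"], "ip_forward": False},
    {"host": "eng-laptop-07", "addrs": ["10.10.3.44", "172.16.9.12"], "ip_forward": True},
    {"host": "mail-gw", "addrs": ["192.168.50.10"], "ip_forward": False},
    {"host": "vendor-modem-pc", "addrs": ["10.10.3.90", "203.0.113.17"], "ip_forward": False},
]

def zone_of(addr):
    """Map an address to its zone; anything outside the plan is 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return "unknown"  # e.g. a modem or other path nobody documented

def find_bridges(inventory):
    """Return hosts that sit in the control zone and at least one other zone."""
    findings = []
    for asset in inventory:
        zones = {zone_of(a) for a in asset["addrs"]}
        if "control" not in zones or len(zones) == 1:
            continue  # not in the control network, or not dual-homed
        other = sorted(zones - {"control"})
        # Forwarding enabled or an undocumented network makes the bridge worse.
        high = asset["ip_forward"] or "unknown" in other
        findings.append({"host": asset["host"], "also_in": other,
                         "severity": "high" if high else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_bridges(INVENTORY):
        print(finding)
```
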
| No | Attack Vector | Target | Case Study |
|----|---------------|--------|------------|
| 1 | Malware infection through Internet services (email, file, hyperlink, APK, etc.) | Control System Network, Business/corporate Network | Stuxnet, Regin 3.20 Korea Plants (http://www.theguardian.com/world/2014/dec/22/south-korea-nuclear-power-cyber-attack-hack) |
| 2 | Malware infection through physical access to victim PC (USB, Bluetooth, RFID, etc.) | Control System Network, Business/corporate Network | Stuxnet |
| 3 | Malware infection through watering hole attack (drive-by exploit: using browser or plug-in 0-day, hijacked firmware update, DNS spoofing attack) | Control System Network, Business/corporate Network | APT Attack |
| 4 | Attacker can access business/corporate network through DMZ systems (mail, web, FTP, DNS, and VPN server) | DMZ Zone Systems | |
| 5 | Identity theft, social engineering hacking, abetting crime | Control System Network, Business/corporate Network | |
| 6 | Drone, Dragonfly, Havex Attack | Control System Network, Business/corporate Network | https://www.alienvault.com/forums/discussion/2950/dragonfly-havex-energetic-bear-cyber-espionage-attacks-against-energy-suppliers |
| No | Attack Vector | Target | Case Study |
|----|---------------|--------|------------|
| 7 | IoT devices and embedded system attack | Control System Network, Business/corporate Network | |
| 8 | File transfer across the air gap through other devices (mic & speaker) | Using mic and speaker to communicate between separated networks. Attacker is able to execute commands and transfer files over the air gap. | Demo Video: https://www.youtube.com/watch?v=Tpc8tyqG88U |
| 9 | Hack air-gapped computer with simple cell phone | Attacker can access Control System Network and Business/corporate Network through a simple cell phone. | Demo Video: http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/?mbid=social_twitter |
| 10 | Intentional backdoor made by another country or vendor | Control System Network | |
| 11 | BAD DNS Attack | Over the air gap but connected DNS | Siemens |
Hacking Demo for SCADA
Part 1. NSHC? Part 2. ICS/SCADA Security Part 3. Conclusion
Is it interesting? And then…
Conclusion
Cyber trend? Is your trend?