The Rise of ICS Malware

A Comparative Analysis

Abstract

Cyber attacks against Industrial Control Systems are one of the major concerns for manufacturing companies worldwide. With the growth of emerging technologies, protecting large-scale Critical Infrastructures has become a considerable research topic in the past decade. Nowadays, software used to monitor Industrial Control Systems might be malicious and cause harm not only to physical processes but also to people working in industrial environments. To that end, integrating safety and security in Industrial Control Systems requires a well-developed understanding of malware-based cyber attacks. In this paper, we present a comparative analysis framework for ICS malware in a bi-layered approach: a cyber threat intelligence layer based on the ICS cyber kill chain and a hybrid analysis layer based on static and dynamic analysis of ICS malware. We evaluated our proposed method by experimenting with five well-known instances of ICS malware: Stuxnet, Havex, BlackEnergy2, CrashOverride, and TRISIS. Our comparative analysis results show the different and similar strategies used by each ICS malware to disrupt the ICS environment.