CyberX, the IIoT and industrial control system (ICS) security company, today announced that it has been selected to present a session titled Mind the Air-Gap: Exfiltrating ICS Data via AM Radios and Hacked PLC Code, at the 2018 RSA Conference next week in San Francisco. In the session, CyberX VP of Research, David Atch, will discuss a novel attack technique that stealthily injects rogue ladder logic code into programmable logic controllers (PLCs) without interrupting their normal operation.
This approach is similar to the one used in the recently-discovered TRITON attack on a petrochemical facility in Saudi Arabia, in which attackers injected malicious code into a Triconex Safety Instrumented Controller (SIS) — with the likely goal of triggering an explosion that would cause catastrophic physical and environmental damage and potentially loss of human life.
Additionally, CyberX’s RSA session describes an innovative technique that helps shatter the myth of air-gapped ICS networks, which are theoretically isolated from corporate IT networks and the outside world.
CyberX PR Here