Daniel Kapellmann Zafra on Incontroller/Pipedream ICS Attack Tools

Nexus: A Claroty Podcast

English - May 04, 2022 04:00 - 39 minutes - 27.1 MB - ★★★★★ - 4 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Sharon Brizinov on Hacking and Securing PLCs

Next Episode: Thomas Schmidt and Martin Scheu on the Common Security Advisory Framework

Mandiant senior technical analysis manager Daniel Kapellmann Zafra joins the Claroty Aperture podcast to discuss the Incontroller/Pipedream attack tool. Incontroller is alleged to be a state-sponsored tool specifically designed to target industrial control systems. Incontroller was discovered before it was employed on a victim's network, yet nonetheless it remains one of the most sophisticated, dangerous ICS attack platforms ever developed.

Kapellman Zafra discusses Incontroller's three components—Tagrun, Codecall, and OmShell—that give it extreme flexibility in targeting different ICS equipment and communication protocols. You'll also learn about how resilient potential victims may be, as well as some of the mitigations and defensive strategies that organizations should consider.