
DATA SHEET

Real-Time Threat Intelligence for ICS/SCADA Systems

The Threat

Breaches of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks are a relatively new threat. Threat actors have multiple motivations for exploiting ICS/SCADA targets. The exploit target may be just a stepping stone toward their ultimate target: assets on the corporate IT network. In this scenario, the ICS/SCADA is a “weak link” and an exploit target of convenience. Or, the threat actor may specifically target the ICS/SCADA system to steal valuable information about the victim’s .

Regardless of the motives and intent of specific attackers, experts agree that attacks on these systems and networks are on the rise. Compromise of ICS/SCADA systems is particularly concerning because, in addition to data loss, the breach may result in large-scale disruption of processes or even physical damage.

Why Recorded Future

›› Enable analysts to become more effective with ICS/SCADA-specific intelligence and alerts
›› Improve analyst productivity by relieving the burden of manually collecting ICS/SCADA-related threat data on the Web
›› Empower security leaders to brief their organization on emerging threats, with visually and contextually rich reports

The Challenges

Historically, Operational Technology (OT) networks were completely separate from corporate IT networks. For business reasons, these networks are now often connected, which increases risks by opening new pathways for attackers to access corporate systems. Hardening and defending ICS and SCADA systems pose a unique set of challenges:

›› OT networks are full of legacy systems with unpatched vulnerabilities that can be exploited. Fear of business disruption delays upgrades and updates. Attackers focus on cost-effective targets, like those that haven’t been hardened.
›› Maintenance and defense of OT networks require niche technical expertise that is not part of traditional IT skill sets. This makes employees with privileged system access more exposed to social engineering attacks.

As a result, ICS environments are generally slow to respond to changes in threat actor tools and tactics. Threat actors take advantage of this by recycling malware and attack vectors which have proven effective against strongly defended targets in finance and the Defense Industrial Base to exploit industrial targets. Examples include the refreshed BlackEnergy , recently deployed against industrial targets, and the compromise of technical sites used by ICS/SCADA system operators as poisoned watering holes.

Threat Intelligence for Defense of ICS/SCADA Systems

Recorded Future offers threat intelligence to enhance security against many risks, including threats to ICS/SCADA systems. Recorded Future Cyber provides this real-time threat intelligence by analyzing billions of events reported from the entire Web. Recorded Future provides templates that tailor this threat intelligence capability specifically for defense against ICS/SCADA compromise. Tailored alerts and interactive visualizations surface and display connections from reports on emerging threats. Threat intelligence analysts can drill down on emerging IOCs, quickly gain an understanding of the ICS/SCADA-related threat in context, and empower their team to block attacks before breaches occur. The ICS/SCADA threat templates apply Web sources and patented methods to enable organizations to meet demanding intelligence goals.

@RecordedFuture | www.recordedfuture.com

Automate identification of:

›› New malware families and known variants targeting ICS/SCADA systems
›› Incidents involving malware targeting specific ICS product vulnerabilities
›› TTPs and malware tools linked to threat actors who hit OT exploit targets
›› ICS/SCADA threat-related findings published by notable information security sources (malware researchers, security companies, well known security bloggers)

Gain real-time situational awareness of:

›› Attacks and incidents involving companies with similar OT technology assets (energy, manufacturing, oil and gas)
›› Attacks and incidents involving ICS/SCADA system suppliers
›› High profile news that impacts brand reputation: ICS/SCADA-related security coverage in mainstream and business news outside the security community

Key features enabled by ICS/SCADA threat intelligence templates:

›› Live dashboards of real-time threat signals
›› Views targeting specific reported events
›› Complex alerting rules
›› Curated lists of potential targets and methods targeting ICS/SCADA systems

Next Steps

Learn more on how Recorded Future Cyber can provide timely alerts and help you better defend against threats to your ICS/SCADA . Contact your account executive or request a demo at www.recordedfuture.com.

Timeline views enable analysts to visualize emerging trends (e.g., the exploitation of ICS vulnerability CVE-2015-0984).

Overview dashboard of ICS/SCADA related attackers, methods, and targets, with drill downs.

Recorded Future alerts on ICS/SCADA threats delivered by email in this example.

Analysts can add more context to their threat data with malware technical indicators analyzed by Recorded Future from the Web.

About Recorded Future

We arm you with real-time threat intelligence so you can proactively defend your organization against cyber attacks. With billions of indexed facts, and more added every day, our patented Web Intelligence Engine continuously analyzes the entire web to give you unmatched insight into emerging threats. Recorded Future helps protect four of the top five companies in the world.

Recorded Future, 363 Highland Avenue, Somerville, MA 02144 USA | © Recorded Future, Inc. All rights reserved. All trademarks remain property of their respective owners.
