Black Hat EU 2013 - Who's Really Attacking Your ICS Devices?
ฝัง
- เผยแพร่เมื่อ 13 ต.ค. 2024
- By: Kyle Wilhoit
ICS/SCADA systems have been the talk of the security community for the last two years due to Stuxnet, Flame, and several other threats and attacks. While the importance and lack of security around ICS systems is well documented and widely known, this talk illustrates Internet facing SCADA/ICS systems, who's really attacking them, and why.
This talk will also cover the robust honeynet developed for research purposes on whom, is attacking ICS systems. Throughout the course of several months, I have created a honeynet/honeypot architecture that directly mimics ICS/SCADA devices and had them Internet facing. The results of attacks were quite astounding, and will be covered in my talk as well.
Okay I later read how he was able to determine their location. I commented too early.
The speaker has statistics on the countries where the attacks originated. I assume he is doing this by IP addresses. How does he know they are not using a Tor or proxychains switch or something like that to hide their origination point so that the exit relay is coming from say China but the attack did not originate in China?