Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou - PowerPoint PPT Presentation

Aug 18, 2023 •687 likes •874 views

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast Before we get started - The

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast
Before we get started… - The webinar is being recorded - The recording will be sent out in a few days - Please submit questions using the Q&A feature - All attendee phones are muted - Let’s meet our speakers!
Meet Meet our our Spea peaker ers Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast
Threat Group Names are Everywhere
What does this mean?
Diamond Model of Intrusion Analysis Source: diamondmodel.org
Diamond, Kill Chain, ATT&CK
Activity Groups Source: diamondmodel.org
Activity Group Lifecycle Analytic Problem Feature Redefinition Selection Analysis Creation Growth Source: diamondmodel.org
Activity Groups Source: diamondmodel.org
Behavior, Behavior, Behavior Detection Mitigation Detect classes of threats Mitigate whole classes of threats Detect behaviors, not things Define and control the physics Have 100s of detections, not millions Mitigate Strategically not Tactically
Activity Group Families AGF 1 AG 1 AG 4 AG 2 AGF 2 AG 3 AG 5 Source: diamondmodel.org
Attribution Activity Groups are not equivalent to attribution ICS threat environments are too complex for a simple attribution model Soft Attribution is not Hard Attribution
Some Dragos Activity Groups https://www.dragos.com/threat-activity-groups/
Q& Q&A Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast
Th Thank You! Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast

Recommend

AF T E R-SCHOOL ACT IVIT IE S OF F E R E D AT L F T SCIENCE ACT IVIT IE S

AF T E R-SCHOOL ACT IVIT IE S OF F E R E D AT L F T SCIENCE ACT IVIT IE S IMAGINAT ION INVE ST IGAT ION (Gr ade 1 Gr ade 5) Stude nts te st the ir fo re nsic skills a s the y b e c o me supe r sle uths in o ur de

319 views • 8 slides

Nanot echnol ogy Act ivit ies Nanot echnol ogy Act ivit ies in K or ea in K or ea Hee-Gook Lee

Nanot echnol ogy Act ivit ies Nanot echnol ogy Act ivit ies in K or ea in K or ea Hee-Gook Lee President LG Electronics, Inc. CONTENTS I. Nanotechnology in Korea National Programs Industry Academia NTRA II. Summaries 1

277 views • 8 slides

T HE PROSPE CT IVIT Y OF T HE PROSPE CT IVIT Y OF WE ST E RN NGAMIL AND WE ST E

T HE PROSPE CT IVIT Y OF T HE PROSPE CT IVIT Y OF WE ST E RN NGAMIL AND WE ST E RN NGAMIL AND By Ma nfre d Ma rx By Ma nfre d Ma rx DIAMONDS AND BASE ME T AL S DIAMONDS AND BASE ME T AL S BOT SWANA RE SOURCE CONF

435 views • 18 slides

Atsuto Suzuki 1 in 2007 2 Quest for Quest for Unifying International Linear Collider

Atsuto Suzuki 1 in 2007 2 Quest for Quest for Unifying International Linear Collider Birth-Evolution Matter and Force ILC of Universe Scie cientific ic A Act ctiv ivit ities Lepton CP Asymmetry Beyond Standard Physics

657 views • 33 slides

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides

HE AVY ME T AL DE POSIT ION MONIT ORING ACT IVIT IE S IN MAL AYSIAN ME T E OROL

Asia Pac ific Me r c ur y Monitor ing Ne twor k (APMMN) Wor kshop 22 23 June 2015 Minamata, Japan HE AVY ME T AL DE POSIT ION MONIT ORING ACT IVIT IE S IN MAL AYSIAN ME T E OROL OGICAL DE PART ME NT (ME T MAL

670 views • 23 slides

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides

30 Years 30 rs of His History ry and Future re Pers rspect ctiv ives of Superco rconduct

IEEE/CSC & ESAS SUPERCONDUCTIVITY NEWS FORUM (global edition), February 2018. Plenary presentation PL6-INV was given at ISS 2017, December 13-15, 2017, Tokyo, Japan. 30 Years 30 rs of His History ry and Future re Pers rspect ctiv ives

510 views • 47 slides

Sale les Pre resentatio ion for Matts Mega Mart Object ctiv ives By the end of this

Sale les Pre resentatio ion for Matts Mega Mart Object ctiv ives By the end of this lesson, you will be able to: Apply Theme to presentation Change a table to a form Export Word outline to Use the top 10 filter PowerPoint

411 views • 5 slides

Ne NetBouncer uncer: A : Act ctiv ive D e Device and ice and Link Failure Lo Li

Ne NetBouncer uncer: A : Act ctiv ive D e Device and ice and Link Failure Lo Li Localization in Data Ce Center r Netw twork orks Presented by Akash Kulkarni Problems that may occur in Data Center Routing misconfigurations

670 views • 22 slides

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides

Just t Tran ansition sition A W A Worker er Per erspe spect ctiv ive 1 ITUC, ETUC and

Just t Tran ansition sition A W A Worker er Per erspe spect ctiv ive 1 ITUC, ETUC and t d the e Just Transit itio ion Cen entre The International Trade Union Confederation represents more than 200 million workers worldwide in

424 views • 16 slides

Pushin ing productiv ivit ity boundarie ies of f Micr icrosoft ft Dynamic ics 365!

Pushin ing productiv ivit ity boundarie ies of f Micr icrosoft ft Dynamic ics 365! SmartBar Navigation and Customize to fit personal Dynamics 365 requirements Cus Customize Quick Vie Qu View & Cou Count Navig igate Adopt

270 views • 5 slides

IM IMPROVING A SOUNDING ROCKET TECHNOLOGY DEMONSTRATOR FOR STUDENT EXPERIMENTAL ACT CTIV

IM IMPROVING A SOUNDING ROCKET TECHNOLOGY DEMONSTRATOR FOR STUDENT EXPERIMENTAL ACT CTIV IVITIES Filippo Trevisi Nimbus Project, CISAS (University of Padova), Italy SSEA, 11/12/2015 1/15 Nimbus Project Founded in 2012 by three students

438 views • 15 slides

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides

MI T Modular Pebble Bed React or (MPBR) A Summary of Research Act ivit ies and Accomplishment s

MI T Modular Pebble Bed React or (MPBR) A Summary of Research Act ivit ies and Accomplishment s Andrew C. Kadak Ronald Ballinger 2nd I nt ernat ional Topical Meet ing on High Temperat ure React or Technology Beij ing, China Sept ember 22-24,

1.55k views • 132 slides

E NGAGING ST AKE HOL DE RS WHIC H AC T IVIT IES? Pa ne l Art Disc ussio n Que stio nna

E NGAGING ST AKE HOL DE RS WHIC H AC T IVIT IES? Pa ne l Art Disc ussio n Que stio nna ire Ga me s F o c us Gro ups Pub lic Displa y Pub lic We b Me e ting s Cha rre tte s Surve ys Da ta mining Vo ting Visio ning

184 views • 7 slides

S afe Rout es t o S chool: Part nerships & Progress t o Increase Physical Act ivit y Among Y

S afe Rout es t o S chool: Part nerships & Progress t o Increase Physical Act ivit y Among Y out h June 1, 2017 Lloyd Nadal, MA Program Administ rator Why S afe Routes to S chool? 19 6 9 50% of children 5 to 14 years of age

378 views • 17 slides

CITIZENSHIP PROJECT JOIN IN 2018-2019 OBJ BJECT CTIV IVE Coletive production of a stories

CITIZENSHIP PROJECT JOIN IN 2018-2019 OBJ BJECT CTIV IVE Coletive production of a stories archive about experiences of connection between countries and European and African cultures. Meth thodolo logy Production of narratives on

376 views • 11 slides

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides

EMPLOYEE STOCK OPTION PLANS Managements Pe Perspe pect ctiv ive e for St Stock ck Optio

EMPLOYEE STOCK OPTION PLANS Managements Pe Perspe pect ctiv ive e for St Stock ck Optio ion With the intent to appoint and retain the human assets of the Company and to reward the high potential employees of the Company including new

367 views • 26 slides

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides

Affect Varia iabil ilit ity and Dail ily Activ ivit ity Patt ttern Metrics in in Chil

Explo loring th the Associati tion Between Affect Varia iabil ilit ity and Dail ily Activ ivit ity Patt ttern Metrics in in Chil ildren Chih-Hsiang (Jason) Yang, PhD Eldin Dzubur, PhD Jaclyn. P. Maher, PhD Britni. R. Belcher, PhD,

436 views • 21 slides