The world recently learned of new multi-stage router malware with destructive capabilities and the ability to intercept web traffic and insert malicious code into it. Described as \an impressive piece of work" by Bruce Schneier, the VPNFilter malware also includes a packet sniffer for capturing Modbus TCP traffic and credentials passing through VPN routers.
The Modbus TCP plugin indicates the adversary may have the ability and intent to compromise ICS environments and exfiltrate ICS-specific information. It's also possible that compromised routers can now be used as launching points for further attacks into ICS networks ' and that other payloads could easily be added to capture DNP3, Ethernet/IP, Siemens S7, and other ICS/SCADA traffic in the future.
In this educational webinar led by Tim Conway and Doug Wylie from SANS, with Phil Neray from industrial cybersecurity firm CyberX, you'll learn about:
- - VPNFilter's architecture and capabilities.
- - Implications for ICS networks and asset owners.
- - How to defend against VPNFilter and similar malware in the future.