Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
General
Off-Topic
Fun InfoSec vid
636-555-3226
Nothing surprising in here for the experienced amongst us, but it's a fun watch nonetheless.
https://www.youtube.com/watch?v=pL9q2lOZ1Fw
Find more posts tagged with
Comments
Chivalry1
Not surprised at this...SO many companies are open to threats for the sake of money hungry executives. Dev/Prod/Technical/System Admin operation groups are now moving critical systems to the Cloud where they are NOT/CANNOT be monitored by InfoSec teams. Neither are they being patched or AV being deployed.
BlackBeret
So it took me a while to get past how these guys were acting. I understand the work hard, play hard mentality, but they seemed like they were just throwing random tools at everything. "Oh I look like I'm going to combat lolz"... It was hard to take them serious at anything they were doing. For those that haven't looked at or played with ICS there's a lot they left out, and a lot these guys probably didn't know either. ICS systems typically all have multiple forms of mechanical safety, electro-mechanical non-connected backups, and let's not forget about all of the stand alone systems. "I could run a single command and shut it all down". No, you can run a single command attempting to shut it down across the wire, but the PLC's are going to switch it to a local control system. Worst case you shut off a part of the distribution chain by taking physical action, then load balancers and backups from other distribution sites fail over to cover the gap. Actually, worst case you some how get in to the production environment, but all of the physical safeguards in there would make any cyber attack attempt useless.
People think that because there's a computer on the line that it's in control, a lot more goes in to these types of systems than they know. If you want to see how an actual attack against a powergrid less robust than ours went take a look at the analysis of the attack on the Ukrainian power grid. Keep in mind their grid is less robust, it took the (assumed state-sponsored) attackers 6 months, and they took down three distribution sites for 6 hours, effecting 225,000 people (or less than 20% of San Antonio). Part of this attack involved writing custom firmware for media converters, getting them updated without anyone noticing, and coordinating multiple phases of the attack to occur simultaneously across the system.
The guys in the video sticking rubber duckies in to unlocked computer terminals couldn't have really effected much, unless they left out the fact that one or two of them was an electrical engineer that spent time designing these networks.
NERC
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
