## A Diet of Poisoned Fruit: #### Designing Implants & OT Payloads for ICS Embedded Devices ###### Jos Wetzels, Marina Krotofil ----- #### Marina Krotofil ###### @marmusha • Senior Security Engineer • Specializing on offensive security of Critical Infrastructures • Focus: Physical Damage or how to make somethings go bad, crash or blow up by means of cyber-attacks ----- #### Jos Wetzels ###### @s4mvartaka • Principal Consultant & Security Researcher • Focus: Embedded Systems Security (ICS, Automotive, IoT, …) • (previously) Security Researcher @ University of Twente on protection of critical ----- ### AGENDA ###### 1. Introduction 2. Cyber-Physical Attack Lifecycle 3. Implants 4. OT Payloads 5. Conclusion ----- ### Here is a Plant. What is Your Plan? ----- ### Two Common View on Cyber-Physical Attacks ##### • “Trivial! Look at the state of ICS security!” • “Borderline impossible! These https://image.shutterstock.com/image-illustration/six-nine-matter-perspectives260nw-1024980271.jpg ##### processes are extremely complex & engineered for safety!” https://image.shutterstock.com/image-illustration/six-nine-matter-perspectives- 260nw-1024980271.jpg ----- ### (does not exist!) ----- ### Attacks with Strategic and Long Lasting Effect ###### • Attacks with strategic, lasting damage will be process specific & require good process comprehension • Wil require attacker to develop detailed ‘damage scenario’  What causes a pipeline to explode?  What causes the right pipeline to explode?  What causes the right pipeline to explode at the right moment? ###### process specific ’ right ----- ### Industrial Control Systems (ICS) ###### Computer science (IT security) Engineering (OT security) Attacker Physical ###### Computer science (IT security) Engineering (OT security) ----- ### IT Security vs. OT Security ###### ICS security IT security OT security (cyber-security -> (causing impact on the taking over the operations -> process and infrastructure) equipment) Attack payload #### Marina & Jos ----- ### Industrial Plants Work on Control Loop ###### Process ### Concept D feed 63.6 63.4 63.2 63 D Feed 3750 3700 3650 3600 ----- ### Industrial Network Architecture ###### Field ----- ### Physical Process and Control Equipment https://vecer.mk/files/article/2017/05/02/485749-saudiska-arabija-ja-kupi-najgolemata-naftena-rafinerija-vo-sad.jpg http://www.jfwhite.com/Collateral/Images/English-US/Galleries/middleboro9115kvbreakers.jpg https://www.roboticsbusinessreview.com/wp-content/uploads/2016/05/jaguar-factory.jpg https://www.roboticsbusinessreview.com/wp-content/uploads/2016/05/jaguar-factory.jpg ----- ### Physical Process and Control Equipment http://www.jfwhite.com/Collateral/Images/English-US/Galleries/middleboro9115kvbreakers.jpg https://www.roboticsbusinessreview.com/wp-content/uploads/2016/05/jaguar-factory.jpg #### PHYSICAL ----- ### Security vs. Safety ###### Security incident Threats Hazards Time Incident Security infridgementsLayers of security Layers of safetySafety measures |Col1|Col2|Col3|Col4|Col5|Security incident|Col7| |---|---|---|---|---|---|---| ||||||Incident|| |||||||| |||||||| |Security infridgements Layers of security protections||||||| |Col1|Col2|Col3|Col4|Col5| |---|---|---|---|---| |Safety measures Layers of safety protections||||| ###### Time ----- ### Hazards and Layers of Safety Protections ----- ### Designing Cyber-Physical Payload ###### Evil Motivation https://cdn5.vectorstock.com/i/1000x1000/32/14/skulland-crossbones-with-binary-code-vector-20603214.jpg ###### Cyber-physical Payload https://cdn5.vectorstock.com/i/1000x1000/32/14/skull- and-crossbones-with-binary-code-vector-20603214.jpg ----- ### AGENDA ###### 1. Introduction 2. Cyber-Physical Attack Lifecycle 3. Implants 4. OT Payloads 5. Conclusion ----- ### Cyber-Physical Attack Development Lifecycle ###### • If you know how attackers work, you can figure out how to stop them • Attack lifecycle is a common method to describe a process of conducting cyber attacks ----- ### Cyber-Physical Attack Development Lifecycle ###### Obtaining Feedback ###### Access Discovery Control Damage Cleanup ###### Preventing Response Cleanup ----- # How Does This Fit into Other Attack Frameworks? ----- ### Lockheed Martin, the Cyber Kill Chain® #### You are here ----- ### Mandiant Attack Lifecycle #### You are here ----- ### SANS Industrial Control System Cyber Kill Chain ----- ### ICS MITRE ATT&CK™ ###### Otis Alexander. Modeling Adversarial Behavior against ICS, S4’19 **Persistence** **Privilege Escalation** **Defense Evasion** **Operator Evasion** **Credential Access** **Discovery** **Lateral Movement** **Execution** **Command and Control** **Disruption** **Destruction** Valid Accounts Rootkit Network Sniffing Exploitation of Vulnerability Connection Proxy Module Firmware Module Firmware Exploitation of Vulnerability File Deletion Block Serial Comm Port Brute Force Device Information Default Credentials Scripting Commonly Used Port Spoof Command Message External Remote Service Modify Event Log Modify I/O Image Default Credentials Control Process Valid Accounts Graphical User Interface Block Command Message Modify Control Logic Alternate Modes of Operation Modify Reporting Settings Exploitation of Vulnerability Role Identification External Remote Service Command-Line Interface Modify I/O Image Modify System Settings Masquerading Modify Reporting Message Credential Dumping Location Identification Modify Control Logic Modify System Settings Exploitation of Vulnerability Network Connection Memory Residence Modify System Settings Block Reporting Message Man in the Middle Modify Reporting Settings Enumeration System Firmware Spoof Reporting Message Serial Connection Enumeration Alternate Modes of Operation Modify Reporting Message Modify Tag I/O Module Enumeration Block Reporting Message Modify Control Logic Remote System Discovery Spoof Reporting Message Modify Physical Device Display Network Service Scanning Modify Tag Modify HMI/Historian Modify Control Logic Reporting Modify Parameter Device Shutdown Modify Parameter System Firmware Modify Command Message Block Serial Comm Port Modify System Settings ###### We don’t know Alternate Modes of Operation Masquerading ###### where we are in this model just yet ) |Persistence|Privilege Escalation|Defense Evasion|Operator Evasion|Credential Access|Discovery|Lateral Movement|Execution|Command and Control|Disruption|Destruction| |---|---|---|---|---|---|---|---|---|---|---| |Valid Accounts||Rootkit||Network Sniffing||Exploitation of Vulnerability||Connection Proxy|Module Firmware|| |Module Firmware|Exploitation of Vulnerability|File Deletion|Block Serial Comm Port|Brute Force|Device Information|Default Credentials|Scripting|Commonly Used Port|Spoof Command Message|| |External Remote Service||Modify Event Log|Modify I/O Image|Default Credentials|Control Process|Valid Accounts|Graphical User Interface||Block Command Message|| |Modify Control Logic||Alternate Modes of Operation|Modify Reporting Settings|Exploitation of Vulnerability|Role Identification|External Remote Service|Command-Line Interface||Modify I/O Image|| |Modify System Settings||Masquerading|Modify Reporting Message|Credential Dumping|Location Identification|Modify Control Logic|Modify System Settings||Exploitation of Vulnerability|| |Memory Residence||Modify System Settings|Block Reporting Message||Network Connection Enumeration||Man in the Middle||Modify Reporting Settings|| |System Firmware|||Spoof Reporting Message||Serial Connection Enumeration||Alternate Modes of Operation||Modify Reporting Message|| ||||Modify Tag||I/O Module Enumeration||||Block Reporting Message|| ||||Modify Control Logic||Remote System Discovery||||Spoof Reporting Message|| ||||Modify Physical Device Display||Network Service Scanning||||Modify Tag|| ||||Modify HMI/Historian Reporting||||||Modify Control Logic|| ||||Modify Parameter||||||Device Shutdown|| ||||||||||Modify Parameter|| ||||||||||System Firmware|| ||||||||||Modify Command Message|| ||||||||||Block Serial Comm Port|| ||||||||||Modify System Settings|| ||||||||||Alternate Modes of Operation|| ||||||||||Masquerading|| ###### Otis Alexander. Modeling Adversarial Behavior against ICS, S4’19 **Command and Control** **Disruption** **Destruction** Connection Proxy Module Firmware Commonly Used Port Spoof Command Message Block Command Message Modify I/O Image Exploitation of Vulnerability Modify Reporting Settings Modify Reporting Message Block Reporting Message Spoof Reporting Message Modify Tag Modify Control Logic Device Shutdown Modify Parameter System Firmware Modify Command Message Block Serial Comm Port Modify System Settings Alternate Modes of Operation Masquerading ----- # Overview of Stages ----- ### Access ###### • Target facility • Discovery • Access to needed assets • Attack execution • Trusted 3[rd] party (staging target) • Access to target facility • Access to needed assets • Process comprehension • Non-targeted/Opportunistic ###### Access Target facility Trusted 3rd party ----- ### Targeting ###### • There are few known cases of strategic targeting • Target might be also selected as best suitable certain criteria • Collateral victim • Opportunistic ----- ### Venezuela, 2019 ###### • Suspected cyber-attack on Guri hydroelectric power plant • Produces 80% of country’s electricity • Details of plant’s upgrade are publicly available, including possible remote access ----- ### Venezuela, 2019 ##### • Produces 80% of country’s electricity • Details of plant’s upgrade are publicly available, includible possible remote access ----- ### Ukraine, 2016 ###### • INDUSTROYER malware was deployed to shutdown electricity distribution at Pivnichna substation • There is no strong indications that victim substation was strategic target • Details of substation upgrade are publicly available ----- ###### • INDUSTROYER malware work was used to shutdown electricity distribution at Pivnichna substation • There is no strong indications that victim substation was strategic target • Details of substation upgrade are publicly available ###### Details of substation upgrade are publicly available ##### malware https://w3.siemens.com/smartgrid/global/en/products-systems- solutions/protection/distance-protection/pages/7sa63.aspx ----- ### Saudi Arabia, 2017 ###### • TRITON malware targeted Safety Instrumented Systems at petrochemical plant • There is no strong indication that TRITON victim was strategic target • Affected site could have been used as live drill and testing platform before attacking strategic target ----- ### Saudi Arabia, 2017 ###### • There is no strong indication that TRITON victim was strategic target • Affected site could have been used as live drill and testing platform before attacking strategic target ----- ### Role of OSINT in Targeting ###### • The Internet is full of proprietary and confidential ###### industrial documentation. • Discovering helpful information about certain industrial facility may provoke targeting ----- ### Role of OSINT in Targeting ###### The Internet is full of proprietary and confidential industrial documentation. Discovering helpful information about certain industrial facility may provoke targeting ###### • The Internet is full of proprietary and confidential industrial documentation. • Discovering helpful information about certain industrial facility may provoke targeting ###### The Internet is full of proprietary and confidential industrial documentation. Discovering helpful information about certain industrial facility may provoke targeting ###### • The Internet is full of proprietary and confidential industrial documentation. • Discovering helpful information about certain industrial facility may provoke targeting ----- ### Targeting 3[rd] parties (supply chain) ###### • Getting access to into target facilities • Getting access to needed assets/equipment, E.g. through maintenance support contracts • Obtaining information related to target or potential victims Engineering/networking/config documentation User application (control logic), etc. ----- |National Advisories on the Threat|Col2|Col3| |---|---|---| |||| |||| |||| |||| ###### https://www.ncsc.gov.uk/news/ho stile-state-actors-compromising ----- |National Advisories on the Threat|Col2|Col3|Col4|Col5| |---|---|---|---|---| |||||| |||||| |||||| |||||| |||||| ###### https://www.us-cert.gov/ncas/alerts/TA18-074A ###### https://www.ncsc.gov.uk/news/ho stile-state-actors-compromising ###### https://www.us-cert.gov/ncas/alerts/TA18-074A ###### stile-state-actors-compromising- ----- ### Data Exposure is Penalizable in Regulated Facilities ###### • NERC CIP-003-3 standard • Sensitive utility’s network infrastructure data were exposed via server of third- party service provider ----- ### Role of Access Stage ###### • Access stage largely defines the selection of damage scenario • Access driven E.g., obtained access to specific equipment via 3[rd] party remote maintenance contract Did not manage to access Safety Systems • Information driven E.g., obtained specific information about unhealthy state or repairs of equipment ----- ### Discovery ###### • Network reconnaissance • Majority of this stage is similar to traditional IT recon process/attack life cycle, tools may differ • Information enumeration • Process comprehension • Understanding exactly what the process is doing, how it is built, configured and programmed ###### Discovery Network Infrastructure Reconnaissance Process Comprehension ----- ### Discovery ###### Discovery Network Infrastructure Reconnaissance Process Comprehension ----- ----- # Case Study: Water Treatment Plant ----- ### Use Case: Killing UF Filter in Water Treatment Facility ###### Acknowledgement: Sridhar Adepu and Prof. Aditya Mathur, SUTD, Singapore for conducting an experiment for this talk ###### https://itrust.sutd.edu.sg/testbeds/secure-water-treatment-swat/ ----- ### Use Case: Killing UF Filter in Water Treatment Facility ###### • Water treatment process consists of multiple stages, including several stages of filtering • Water filters are expensive • When broken, water supply is interrupted ----- ### UF Filtering: HMI Screen ----- ### UF Filtering: PI&D Diagram ----- ### UF Backwash: HMI and PI&D Diagram ----- ### How Do We Pull This off? ###### • There are tree conditions which can trigger backwash process, each guided by a state machine • Preset timer (every 30 minutes) • UF filter differential pressure (DP) ≥ 40 kPa • Plant shutdown ----- ### How Do We Pull This off? ###### • There are tree conditions which can trigger backwash process, each guided by a state machine • Preset timer (every 30 minutes) • UF filter differential pressure (DP) ≥ 40 kPa • Plant shutdown ###### There are tree conditions which can trigger backwash process, ----- ### How Do We Pull This off? ###### • UF filter differential pressure (DP) ≥ 40 kPa • Plant shutdown ----- ### One Possible Attack Execution Scenario |Stage 6|PLC6|Col3| |---|---|---| |||| |||| ###### Pressure in UF membrane will increase. HOW MUCH? ----- ### Control Stage of Process Comprehension ###### • Average UF filter DP is ≈ 12-13 kPa • Max DP is 98 kPa, reached in 8 sec • Process recovery (return to normal) is 5 sec • Note, this data still does not tell us whether this pressure kills the UF filter and how quickly ----- ### Control Stage of Process Comprehension ###### • Average UF filter DP is ≈ 12-13 kPa • Max DP is 98 kPa, reached in 8 sec • Process recovery (return to normal) is 5 sec • Note, this data still does not tell us whether this pressure kills the UF filter and how quickly ###### Note, this data still does not tell us whether this pressure kills ----- ### Damage ###### • Requires subject-matter knowledge (engineering) • Cant take several forms • Explosions (of course!) • Equipment breakage • Pollution • Product Out of Specification • Increased production costs, etc. https://img.izismile.com/img/img5/20120306/640/chemical_plant_accident_in_germany_640_04.jpg ###### Obtaining Feedback https://img.izismile.com/img/img5/20120306/640/chemical_plant_accident_in_germany_640_04.jpg ###### Preventing Response ###### Damage ----- ### Attack Design != Implementation Success ###### FIT401 Spoofed value PLC5 Attckr PLC4 Reverse Osmosis 1.1 UV401 filtering OFF 1.1 FIT401 Spoofing to 0.4 Attckr 2.1 AIT502 LIT401 Spoof to Low Flow meter ORP meter Tank Pump FIT401 AIT502 T401 P401 De-Chlorinator UV401 ###### PLC5 Reverse Osmosis filtering 2.1 AIT502 Spoof to Low ORP meter AIT502 ----- ### Cleanup ###### • In traditional hacking it is possible to execute the entire attack without being ever detected • In process control it is not an option because of physical effect • Create forensic footprint of what the investigators should identify as cause of the incident/accident E.g. time attack to process troubleshooting ----- # Why Implant? ----- ## Implant “Hardware or software modification designed to gain unauthorized control over specific system functionality.” ## ” ----- ## OT Payload “Digital implementation of (part of) a cyber-physical attack” ----- ### Why Implant ###### • Why not just modify control logic / change setpoints / send malicious command? • For more complicated attacks • Coordination, Feedback, Speed, Low-level functionality access • Many scenarios possible without implants • Eg. Ukraine 2015 & 2016 ----- # Where to Implant? ----- ### Where to Implant? ### Where to Implant? ----- ### Network Equipment ###### Manipulating OT traffic Observing & learning OT traffic ### Network Equipment ###### Dropping traffic to cause loss of Manipulating control / view by OT traffic suppressing alarm or signal ----- ### Process & Safety Controllers ###### Measure attack progress Manipulate IO ###### Suppress condition monitoring alerts Measure attack progress Prevent Safety Response ----- ### Field Devices ###### Spoofing sensor data at high speed ###### Overriding digital safety mechanisms ----- # How to Implant? ----- ### We want smooth native code execution ##### • Need access to low-level, privileged functionality ###### • Memory-/Port-Mapped IO (MMIO/PMIO) • Kernel memory objects • Logic runtime memory • Persistence mechanisms ##### • Ideally via silent hot-patching ###### • No reboots, no service restarts, no process upsets ----- ### Implant Delivery Vectors ----- ### PLC 101 - Architecture #### Modular Standalone ###### Power Supply, CPU, I/O, Comms, … ----- ### PLC 101 - Backplane #### Inter-Module Databus ###### Multibus, P-Bus, VMEbus, X-Bus, STD-32, PCIe, … ----- ### PLC 101 – CPU Module Internals ----- ### PLC 101 – Boot Sequence ----- ### PLC 101 – Logic Program Execution ----- ### PLC 101 - Scan Cycle ----- ### Implant Access ----- ### Implant Installation ###### Escalate Disable Relocate Ensure Set Hooks Go Resident Privileges* Diagnostics Implant Persistence* Implant stability Eg. modify firmware or stored logic in flash ###### Set Hooks Go Resident ----- ### Implant Design Considerations ###### Active Implant ###### Dormant Implant ###### Persistence ###### • Includes OT payload • Limits detection / network forensics exposure ###### • OT payload delivered later • Limits forensics exposure ###### • Complicated by code signing • Need ability write to flash & enough space ###### Memory Residence • No reboot survival • Limits forensics exposure ----- ### We want scalability ###### • Target different vendors’ systems with similar implant functionality • But limited number of players out there • Eg. construct arsenal of generic templates for key DCS & safety controllers • One time upfront investment no ----- ### Complication: Heterogeneity ###### Processor OS Runtime IO Memory Security ###### Runtime ----- ### Complication: In-House vs Commercial ###### Proprietary Runtime ----- ### Example: Triconex SIS ###### • In-House OS + Runtime, different processors & OS variants between versions of same product ###### Triconex MP 9 (3006) ###### Triconex MP 10 (3008) ###### Triconex MP 11 (3009) ###### Triconex MP ----- ### Counter-Example: Rise of Commercial RTOSes & Runtimes ----- ### Complication: Resource Constraints ###### • MPC860, 50 MHz • 6 MB Flash • 16 MB DRAM • 32 KB SRAM ### You better enjoy ###### Will need to fit implant in there • Signals processing? Malicious logic? Comms? Often stretched by normal ###### • • • • ###### functionality already ### programming… ###### • ARM9, 14 MHz • 512 KB Boot Flash • 8 MB RW Flash ----- ### Complication: Security Engineering ###### Domain & Firmware & Logic Privilege Sandboxing Signing Separation Exploit Programming ----- # Case Study: TRITON ----- ### TRITON / Trisis / HatMan (2017) ----- ### TRITON Attack Overview ----- ### TRITON injects ‘dormant’ implant into Triconex controller memory “Your wish is ###### “Your wish is my command” ----- ### Why not just modify firmware? ###### Firmware Download (FC 0x50: unauthenticated, unsigned) Controller reboots into download mode, logic execution interrupted! Logic Append (FC 0x01: unauthenticated, unsigned) New logic appended to circular linked ###### Controller reboots into download mode, logic execution interrupted! ###### Logic Append (FC 0x01: unauthenticated, unsigned) ----- ### Implant Installation ###### • Safety program executed in user mode • Need supervisor to flush icache & apply mods • Privilege level set in PPC MSR register, NW for user R i S i P i il ----- ### Stage 2: Privilege Escalation ###### • Exploit syscall 0x13 (SOE Status) to modify MSR while in supervisor mode, set saved MSR bit • No memory permissions, can write anywhere in user mode, including kernel globals. Exploit write-what-where. Escalate Disable Relocate Ensure Set Hooks Go Resident Privileges* Diagnostics Implant Persistence* ###### Set Hooks Go Resident ----- ### Stage 2: Disable RAM Check ###### Originally conditional branch ----- ### Stage 2: Relocate Implant ###### Ensures Residence Even with full logic wipe Escalate Disable Relocate Ensure Set Hooks Go Resident Privileges* Diagnostics Implant Persistence* ----- ### Stage 2: Modify Network Command Handler ###### • Entry 0x1D (Get MP Status) • Allows for network comms |Disable Diagnostics|Relocate Implant| |---|---| ###### Set Hooks Go Resident ----- ### Stage 3: Implant ----- ### Stage 3: Implant ----- ### Stage 4: OT Payload ##### • Once implant is injected we have dormant ‘god mode’ ###### • Arbitrary supervisor RWX over network ##### • Deliver OT payload at later moment • Not recovered from incident, but we can speculate … ----- ### AGENDA ###### 1. Introduction 2. Cyber-Physical Attack Lifecycle 3. Implants 4. OT Payloads 5. Conclusion ----- ### Damage Stage ###### 1 Manipulate the process Direct Indirect Manipulation Deceive controller/ of actuators operator about process state (e.g. spoof sensor) ###### 3 ###### 1 ###### Modify operational / safety limits ###### 1 ###### process state ###### 2 Prevent response Control / Safety System Modify Blind about operational / process ----- # I/O Manipulation ----- ### I/O Manipulation ##### • Simple concept, non-trivial execution • Many different approaches ###### • Depends on how IO image tables are populated, how IO is wired to chip executing logic • Different technical ways to achieve same goal ----- ###### • Memory Breakpoint • Patch Instructions • Change Memory Permissions ### I/O Manipulation ###### Change Memory Permissions ----- ### I/O Manipulation ###### Hook bus handler routines ----- ### Complication: Field Device Limitations ###### • Cyber limitations might be placed on theoretically feasible functionality for protective reasons* • Valve closing speed • Non-digitally alterable VFD skip frequences • Prevents IO manipulation from achieving desired result • Overcoming this requires implanting field device • Patch out limitations / sanity checks ----- # Alarm Suppression ----- ### Alarm Suppression ##### • Again: simple concept, non-trivial execution ###### • We want to prevent an outgoing alarm being raised or incoming alarm being acted upon ##### • Might require very different approaches ###### • Alarm raised with dedicated protocol message • Alarm signal via IO • Alarm bit in flag accompanying read PV ----- ### Alarm Propagation ###### Goal: catalyst deactivation Alarm Safety Alarm shutdown ----- ### Hiding Alarms ----- ### Suppressing Alarms ### Suppressing Alarms ----- ### Example: Simple water tank level alarm ###### Safety program resides in memory as code modify ----- ### Finding Instructions to Patch ----- ### Hot-Patching Safety Program ----- ### Alarm Suppression ----- # Alarm Relaxation & Tightening ----- ### Why relax or tighten instead of suppress? ##### • Don’t prevent alarm from being raised but change conditions ###### • Limits, deadband, priority ##### • Relax: Stealth during scheduled testing • Tighten: Cause hard-to-resolve alarm storms ----- ### Hook functionality that decides whether to raise alarm ##### • Can be data (limit, priority, deadband): overwrite in RAM ###### • Make sure to spoof values when queried! ##### • Or code (alarm logic): patch instructions ----- # Implant Communication ----- ###### moisture, … ----- ### Expectation vs Reality ###### Might not see much electronic ###### These can be in completely different parts of the process, on different networks ----- ### Process state change detection ###### Non-Parametric Cumulative Sum (NCUSUM) ----- ### AGENDA ###### 1. Introduction 2. Cyber-Physical Attack Lifecycle 3. Implants 4. OT Payloads 5. Conclusion ----- ### Conclusion #### Marina Jos ###### tion ###### tion ###### tion #### Jos ###### Attack Integration & Testing ----- ### Appreciation ##### • Sridhar Adepu & Prof. Aditya Mathur • Jason Larsen -----