TRITON - Schneider Electric Analysis and Disclosure

Captions
I was really pleased to get the presentation from Schneider Electric. I think it represents a major and important change in the ICS vendor community and the community overall, because rather than just kind of hold their hand out and do the marketing dance to try to get through something like this, they took their knowledge of their device, they took the actual malware and the code, analyzed it in detail, found out what it could do, found out what the problems were in their system, and then decided to share that with the community, which is what we need to help solve these problems and move things forward. So, you know, I hope, if you feel the same (I can't force you to feel the same), but if you do, I hope you'd at least give them a slap on the back and say thank you for being open with this, because as I mentioned I think it's a huge step forward from what we saw with Stuxnet and a lot of the other vendor issues over the last five years. Please welcome Paul and Andy to the S4 main stage.

[Music]

Can you hear me? Check, one two three. Last time I was here it was with a bass. So Paul and I are here today to talk about the TRITON / TRISIS / HatMan incident that we all want to talk about. We're here to announce, actually, that we have a new name for this... no, I'm just kidding. No, but we are here to follow along the great analysis that FireEye has done and actually dive quite a bit further into the details. So without belaboring the point, as was pointed out, the malware's intent was to install a remote access trojan. We believe, we see out of our analysis, that the developers of this malware, the attackers in this situation, had unlimited resources, they had a lot of skill, they had a lot of time, to have unrestricted access to develop this, and we're going to make this point a few times, to develop this malware, because this looks like this was malware that was under development. They clearly had strong mal-intent here; there was something malicious that they were planning, and yes, we also want to see what this attack ultimately would have been, and that high skill that produced a RAT that ultimately gave the attackers read/write/execute over the safety instrumented system.

So we're going to get into the malware evaluation. We've already talked about the elements that have led up to the malware infection. We're going to get into dissecting the payload, breaking it down, understanding what its capabilities and abilities are. The sample that we used was specifically used to target a specific model of our Tricon safety controller, a specific firmware, rather, as a matter of fact. And as we're seeing, this attack, this situation, has all the hallmarks of a nation-state attack. So we're talking security level 4: unlimited resources, unlimited skills, unlimited time. But before we dive into this, we just want to make it clear that as you're thinking about this attack, you're thinking about what the precursors to this attack are, how this infection takes place. So the current version of this malware that we've been working with clearly requires the following. It requires access to the safety network, either local physical presence access to that network or remote access. You need to have the ability to load the malware into the Tricon, which implies that there's some sort of computer, laptop, PC that you have access to. In this incident, it's been mentioned a few times, the TriStation terminal was actually that machine that was used to launch the attack. And specifically, our Tricons come with a memory protect mode, so there's a switch on the front panel that allows you to protect the memory from being written to, so one of the precursors to this attack is that in fact that key switch has to be in program mode. So with these precursors in mind, with the mal-intent of these attackers in mind, we're going to talk about the analysis now. Paul?

Thank you. Thanks, Andy. What do I do? You do this? Is this forward? Okay, do I get it? Okay, great. All right, thanks. Yeah, my name's Paul Forney, I'm a cyber security architect here at Schneider Electric. Sorry, we've been putting in a lot of late hours, but a lot of people were involved in this, and I need to really do some shout-outs. First of all, the customer itself enabled us to get in there and preserve all the forensic evidence within four hours of the incident. It was a massive amount of data that was captured for this that had to be perused and parsed out to find out what was going on, but they were very, very helpful in doing this, and also every week they're calling us, having meetings, making sure things were getting done. Mandiant/FireEye, both Mandiant and Dragos, were sharing all of their research with us as it was going on, and those bulletins that you saw come out, they were definitely not blindsiding us; they were definitely including us and letting us put our mitigation pieces into their bulletins, as well as into the DHS bulletins. Claroty, bugging us every day, helping us and showing what they've found out about this thing. There are ways of detecting it on the wire which are impressive; I hope you've seen what they've done, and they wanted to run those by us and work with us on this sort of thing. Virsec, some of the leaders in memory-based attacks, of which this is one, and that we have been working with in that field for a while in the PC-based industry, learning about ROP programming and how to defend against that; these guys are monsters. And the security team looking at all these Wireshark traces that we had, you know, going through mounds and mounds of those and being able to pull real valuable data out of these things that brought insight into this investigation. And McAfee, you know, within hours of actually getting the sample, they spread the definitions out worldwide, blocking trilog.exe as a piece of malware on a PC. The FBI, DoD, DARPA, they were all helping wire together this consortium of people that wanted to find out what this thing was really doing, what it was up to. I have to really call out Ian Stewart; he was one of our main researchers on this from the INL. Great guy, 25-year-old linguistics major, can you imagine? He did some of the key investigation pieces that we're really talking about today and helped get this thing really off to the great start that it did.

So, moving on. As we talked about before, you know, trilog.exe sat on the PC node. It was a bunch of Python script; it wasn't intended to last very long, but the attackers developed the library of protocol calls that the TriStation itself would normally use, and that's what it used to talk with and download things into the controller. Now the controller has those functions; if you bring up a TriStation today you'll be able to download your ladder logic program, or whatever it is, to the controller itself and have those things executed by the scheduler running inside the Tricon. But its main job, number one, as you saw from Blake, was just to send in one big hex string, which was a PowerPC script, or a program actually, that set up all the status registers that were going to be used by the injector tool itself to basically find out: am I really on the right controller, and am I on the right version of the firmware? It knew where it was going and we knew where it was targeting, and if any of these things failed it would bail. I put "error codes" there; it's not really true, it had no real error codes. It looked for an F; if it saw an F it bailed, that's it. So it was intended to work. There was no doubt in my mind that it did not intend to fail, and the only failure modes that were recovered here at all, the old codes, were that it wasn't in the right place, so I'm just going to bail. Other than that, straight-through logic, as Andy said, very well written.

And people talk about bugs; a lot of these bugs are put in there to throw off forensic experts, you know, to just say, well, if this stuff does get found, then maybe they weren't going to be able to run it to find out what it really did. And that's some of the things that really threw the investigation for a loop in some cases, and being able to fix it and get it to run properly was really the key to finding out the real intent: what did they do, and how can you use it, and could we use it?

You're saying that you actually found bugs in the malware, and what?

Yes, as Blake said, there was a bug in the interpretation of information there, but it wasn't as obvious, right, because how the thing worked and how you would think to get away from that bug was the trick, and that's one of the places where Ian really shone, and we were able to get by that and get the actual payload working. I hope that answers your question. But anyway, on that, you hear about this dummy program, and it's used because there's no real delete inside the controller. If you want to get rid of a program you just have to override it. We have a download-all function that goes and wipes everything in there and puts your new stuff there, but this dummy program was the shortest possible PowerPC program you could write. It was just one line long: open up, close, goodbye, I'm back, I'm done. But it would use this to get rid of whatever it had in the controller that it was using and didn't need anymore, and all this stuff like that. The very next thing was the inject.bin and imain.bin. inject.bin is just a tool much like we use on PCs today to inject into process memory and determine how we can guard against those types of attacks, but they've written this to run on a Tricon, and it runs like any other ladder logic type of program. It gets executed by our execution scheduler and does its thing, right? But when it's done, trilog.exe realizes that event, "I'm finished", comes back and wipes it out again so there's no evidence of it on the computer anymore. It just rewrites all those registers to zero.

Well, let's get into that inject.bin. It's basically, like I said, it looks like any other control program to the Tricon, but it's going to run on the scan cycle, and every time the scan executes it's going to do something else. The first three steps are basically trivial to some extent, but it needs to know it's in the right place. It needs to be able to take time doing it, because this is a TMR setup; remember that we have to be able to replicate between controllers, and if there's any fault in that then the faults show up and operators see them. And by the way, as was mentioned earlier, the intent was not to crash these controllers but to have power over them, right? And the issue of not writing down something that was functionally or syntactically correct: the Tricon has a lot of consistency checks going on to make sure nothing goes down there that it's not supposed to. But anyway, this thing checks that. It looks for a particular machine state register; it looks for a value in that register, and if it's the right value, he'll also try to read and use this particular function to read and write user space memory. If that all works, he's on the right controller, he's on the right firmware, and he goes about doing his real attack. Okay, this is the exploit. So remember, inject.bin is going to run once and say goodbye, nothing else to do. But in order to actually have the ability to do what it did, it had to elevate its privilege, because you certainly cannot write firmware memory or change anything in the firmware itself unless you're elevated. Now firmware, as everybody knows, is delivered as flash, or in the earlier versions burned into EPROMs and PROMs; you can't change it on the fly. So even though there may be a way to write into some of that, there's no way you can overwrite yourself. So the problem is it needed to do certain things in that region. So the first thing it did was elevate its privilege, and it found a zero-day, a previously undiscovered one, in this controller, which, like I said, was 16 years old, and it used it to take himself from user mode into a mode where he can now activate and read and write the firmware memory.

Okay, so he's going to check certain things. He's going to look to see if he's already infected. He's going to make sure the payload's in the right shape, it's got the right start, and the hooks are happening in the right places. He's going to find a place in the firmware region; in order to do that you've got to read for those zeros, right, and you can't do that without being an admin. And then he's going to take that blob and stick it into the firmware memory. The very next thing he has to do is wire it up, right, so the thing is, being in firmware, you're not going to be executed as part of a control program; he's sitting there now waiting for someone to tell him to do something. But that had to be set up by the inject.bin, and it's basically overriding a function call, a network function call, that normally takes no parameters, and it will now actually take parameters, which we'll get into on the next slide. But when it's done, he's now got a RAT all wired up into memory, running as part of the firmware; lots of power like that. And then he restores the expected permissions; he basically puts the controller back into its normal state, makes a call back to the trilog.exe and says "I'm done", wipes himself out, hits the dummy program. And that's a little program that, like I said before, some people have seen on an infected controller, and they feel like that may be a way to actually detect that it's there. Maybe so, if you catch it right there, but certainly a download-all would erase that program; but it's not going to erase this program. This thing is now resident in the memory of the controller, and you don't expect controllers to reboot like we would a PC; these things run for 15 years and never lose power, right?

So let's go on and just take a quick look at that, and it might be too small for you all to see, but basically as an architect, when I go interview someone about what my software needs to do, I definitely want to figure out the activities that need to be done in the use cases, and how I step through this thing into a similar type of program like this, using a normal UML or business process modeling language. And you can easily see there the two swim lanes, which would normally be eschewed of course, but they have the trilog actually doing its thing: setting up the status register we talked about in the beginning, downloading the PowerPC blobs to the Tricon, getting to the right place, and then the actual inject.bin doing its work of going through the different steps, checking to make sure I'm in the right place, can I do what I've got to do, can I elevate my privilege, because he's going to need privilege for those other five or six boxes there on the end. That's where it hit the zero-day and did its thing. Easy fix for us, difficult, you know, but never having been found before, but it was definitely required to make this attack happen. So taking it on, when you're left over, everything's gone that you just saw. We don't need trilog.exe anymore; you can go get that off your computer. inject.bin has been wiped out by the dummy program, and maybe you've wiped out the dummy program by a download-all, if you've modified your programs thinking that's going to help you get rid of anything. And then, so let's talk about this guy. He's sitting there in memory, he's sitting there waiting for a call, and he's going to wait on a call, and that's going to have a sub-command ID in it, both the ID and of course an input block.

So if that command is equal to read, no problem: I go to the address, I read the length that you tell me to read, and return it to you in your output buffer. Write is a little bit different, right, because if it's into the normal region, fine, I'll send it right down, that's okay; maybe it's another control program I could write down into the controller, another piece of logic or whatever, or anything that I wanted to write into that control space; it doesn't require anything. But if it's firmware then I've got to do a few extra steps, right: I have to disable the instruction cache and the data cache and make sure that my interrupts are disabled as well, because I don't want anybody to interrupt me while I'm doing something into firmware memory, because that's going to cause a fault and everybody's going to realize I'm here, and all the flags and bombs are going to go off. And the third thing is the execute. You say, why do I need execute if I'm just running a lot of logic? You certainly don't, you know, so the execute is only used to execute another payload that's sitting in firmware, because there's nothing to execute there, right? And this is the payload, Paul, that we don't know what... Well, as Blake said, yeah, it could be anything. It could be some commands, it could be just a bunch of strings of hex going through there, anything; that we really don't know. But so this is ultimately the attack. Well, while this is all an infection, right, it's really not the attack itself yet, even though during this development of this malware they tripped the plant accidentally, which, as we saw earlier, resulted in the discovery of this activity. Right, what we're really talking about is we don't know the ultimate attack plan here. We know how they got ready for it, but we don't know exactly what. What we've done here is basically just taking the governor off your car, right? If you were in a car, it'll only do 100 miles an hour; if you take the governor off you can do 180. All right, we've actually done it here.

So looking at this in particular, of course I'm sitting there waiting for parameters to come across the wire on a standard network call that almost never gets called. It's used by status programs, indeed, to do debugging, so it's not something you're typically going to see on the wire, so he's pretty safe there. But if it does come with no parameters he can just pass it back to the normal firmware and everything's good. But remember in that earlier slide there you saw I'm now hooked, where I'm going over and I'm actually making a branch statement; when I make that call, that branch statement results in some address, right? Well, that address has now been replaced, so that's the bad guy.

That's a key point, sorry to interrupt Paul, but that's a key point about what you're saying here. So you're saying that there's a command they know about, and if they pass parameters in, they recognize it as something for themselves; if not, they continue to hide themselves and the Tricon behaves as it's supposed to behave.

Correct. There are other things that define that this is an attacker making the call. There was some signing going on, something more than the normal CRC32 that you would find from IEEE; there's a little signature being stuffed in there as well that they could use to define and say this is a program from them versus something from a normal guy. So that's all handled; there are more details here, but in general this is the pictorial view of it. Like I said, when I'm wanting to read some memory I just take the address and the length and go read it. If I'm writing it, I check to see if it's in the firmware region; if it's not, then I'll just write that address space, whether that be another program or not, doesn't matter, or some parameters to another program that I might want to write later. But if it is in the firmware region, do those steps of disabling the interrupts and the instruction cache so that no one will mess with me while I'm doing that. And then of course the execute statement is not required for anything except in the firmware region itself. So that's my analysis there so far.

Right, so we're in the homestretch here. So there are the questions that we ask now: how does Schneider Electric go forward from this, and how, as an industry, do we go forward from this? We, Schneider Electric, recognize that the safety industry demands perfection, and as you can see from us merely being present here today, we take this very seriously. We've uncovered a vulnerability, you've heard it twice now, you'll hear more about it; we've uncovered a vulnerability in a particular portion of our older Tricons and we have a fix underway. We've updated our threat models so that we now understand this type of threat that has presented itself, so that we're not going to repeat this mistake in other products that we offer. We're going to continue to work closely with the three-letter agencies, with our security partners, especially because we're calling the industry to rise up in this situation. We're involving our worldwide customer support organization to help them understand it, help them get the message out there. In fact I can announce here today that we have a tool. We're very used to tools that come in the form of AV to identify a virus or malware on your PCs and your laptops and your servers; we're announcing we have a tool that can actually detect this malware in our Tricon safety controller. So this we believe is pretty unique, and then if detected, we also now have techniques to eradicate this from memory. As Paul said, thinking that by doing a download-all you're wiping it out isn't going to work; we have a technique that actually will help you eradicate this from memory.

So as I said, while this is an incident that involves a fairly specific piece of our legacy offer, our older offer, a 16-year-old safety controller, we are monitoring for indicators of compromise around the world. We are working with our security partners; we have regular telemetry coming in telling us whether this malware is being detected elsewhere in the world, and so far we have not seen any indicators of compromise anywhere else in the world. We're going to test, of course, all of our safety products to ensure that they're not vulnerable to this, and so that we can bring assurances to our customer base that they in fact are safe and secure. We're going to continue to work with our partner security firms, because we believe this is going to be a critical element here. And most importantly, or as importantly, we're going to reinforce the security message: to secure the SIS, to protect the Tricons by using that memory protection key, and to take seriously not just ICS/DCS security but actually look to your SIS as well.

Well, thank you, Andy. Yeah, and just as an industry going forward, a lot of people think of this as a wake-up call. I don't in particular; I think it's a call to action, and I hope everyone in this room, both vendors and customers, people selling security products or control system products, all of it, it's to open your eyes that the information sharing has got to go two ways. You know, we can't just be sitting there taking in information from whatever STIX and TAXII feed that you have; you have to have the response part as well. That's why we're here. We'd like to thank our management for letting us be here. Our leadership allowing us to be here is a significant step in trusting that we're going to deliver the right message, and the fact that we are being open, honest and professional about dealing with this, right. And going forward, this industry needs to start developing new defensive technologies to protect, and in the end, the technologies used to actually code and create products that we can defend at the core, the defense-in-depth strategies we talked about in the 4-1 standard. I'd like to thank Andy; he's been the POC on this thing since the beginning. He just called me in a bit later in its life, but he's been taking the brutal abuse from all directions in our company, so please, you know, thank you Andy for the great analysis and for bringing this message here today. Thank you all, appreciate it.

[Music]
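The talk describes the implant's on-wire footprint in enough detail to write a detection heuristic: the RAT hooks a standard network call that normally carries no parameters and is rarely seen on the wire; a call to that function with parameters is the implant, the first part of those parameters is a sub-command ID (read, write, execute) with an address and length, writes into the firmware region are the dangerous case, and execute only makes sense for a payload already placed in firmware. The following Python is an added example, not code from the talk, from Schneider Electric, or from any of the partners named above. The wire layout (1-byte function code, 2-byte big-endian parameter length, parameters), the function code `HOOKED_FUNCTION`, the sub-command values, the address map, and the sample frames are all constructed assumptions; the real TriStation function codes and Tricon memory map are not given on the page. The example goes slightly beyond the talk by ranking alerts by severity.

```python
"""Flag implant commands riding on a normally parameterless TriStation call.

Added example; the frame layout, function code, sub-command IDs, address map
and sample traffic below are assumptions, not values from the talk.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

# --- Assumed (hypothetical) values; replace with real ones for your device.
HOOKED_FUNCTION = 0x1D             # the rarely used, parameterless debug call
SUBCMD_READ, SUBCMD_WRITE, SUBCMD_EXECUTE = 0x17, 0x41, 0xF9
CONTROL_REGION = (0x00000000, 0x00800000)   # control-program / user memory
FIRMWARE_REGION = (0x00800000, 0x01000000)  # firmware memory


@dataclass
class Frame:
    function: int
    params: bytes


@dataclass
class Alert:
    index: int       # position of the frame in the stream
    severity: str    # "high" or "critical"
    reason: str


def parse_frame(raw: bytes) -> Frame:
    """Assumed wire layout: 1-byte function code, 2-byte BE length, params."""
    if len(raw) < 3:
        raise ValueError("short frame")
    function, plen = struct.unpack(">BH", raw[:3])
    params = raw[3:3 + plen]
    if len(params) != plen:
        raise ValueError("truncated parameters")
    return Frame(function, params)


def in_region(addr: int, region) -> bool:
    lo, hi = region
    return lo <= addr < hi


def classify(index: int, frame: Frame) -> Optional[Alert]:
    """Return an Alert when the frame matches the implant's command pattern."""
    if frame.function != HOOKED_FUNCTION:
        return None                     # some other function: out of scope here
    if not frame.params:
        return None                     # the legitimate, parameterless form
    # Parameters on a call that never takes any: that is the implant talking.
    if len(frame.params) < 7:
        return Alert(index, "high", "hooked call carries parameters (malformed)")
    subcmd, addr, length = struct.unpack(">BIH", frame.params[:7])
    if subcmd == SUBCMD_READ:
        return Alert(index, "high", f"implant READ addr=0x{addr:08x} len={length}")
    if subcmd == SUBCMD_WRITE:
        if in_region(addr, FIRMWARE_REGION):
            return Alert(index, "critical",
                         f"implant WRITE into firmware region addr=0x{addr:08x} len={length}")
        return Alert(index, "high",
                     f"implant WRITE into control region addr=0x{addr:08x} len={length}")
    if subcmd == SUBCMD_EXECUTE:
        return Alert(index, "critical",
                     f"implant EXECUTE of firmware-resident payload at 0x{addr:08x}")
    return Alert(index, "high",
                 f"hooked call carries parameters, unknown sub-command 0x{subcmd:02x}")


def build_frame(function: int, params: bytes = b"") -> bytes:
    """Encode a frame in the assumed layout (used to build the sample stream)."""
    return struct.pack(">BH", function, len(params)) + params


def analyze(raw_frames: List[bytes]) -> List[Alert]:
    """Run the heuristic over a stream of raw frames and collect alerts."""
    alerts: List[Alert] = []
    for i, raw in enumerate(raw_frames):
        alert = classify(i, parse_frame(raw))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample traffic (not a real capture).
SAMPLE = [
    build_frame(0x10, b"\x00\x01"),                       # 0: unrelated function
    build_frame(HOOKED_FUNCTION),                         # 1: legitimate, no parameters
    build_frame(HOOKED_FUNCTION, struct.pack(">BIH", SUBCMD_READ, 0x00400000, 64)),
    build_frame(HOOKED_FUNCTION, struct.pack(">BIH", SUBCMD_WRITE, 0x00410000, 32) + b"\xAA" * 32),
    build_frame(HOOKED_FUNCTION, struct.pack(">BIH", SUBCMD_WRITE, 0x00900000, 16) + b"\xBB" * 16),
    build_frame(HOOKED_FUNCTION, struct.pack(">BIH", SUBCMD_EXECUTE, 0x00900000, 0)),
]

if __name__ == "__main__":
    for a in analyze(SAMPLE):
        print(f"frame {a.index}: [{a.severity}] {a.reason}")
```

Two design points follow directly from the talk. The heuristic never alerts on the parameterless form of the call, because that is exactly the case the implant passes through to the real firmware, so the baseline of that function on the wire stays quiet and any body at all is the signal. And because a download-all does not remove the firmware-resident implant, the severity ordering puts firmware-region writes and execute above control-region traffic; those are the frames that indicate the part of the compromise that survives a reprogram. The extra per-message signature the speakers mention (beyond the normal CRC32) is not modeled here, since the page gives no detail of it.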
Info
Channel: S4 Events
Views: 10,392
Rating: 4.8202248 out of 5
Keywords: TRITON, TRISIS, HatMan, TRICONEX, Schneider Electric, S4x18, ICS Malware, SIS Malware
Id: f09E75bWvkk
Length: 25min 52sec (1552 seconds)
Published: Tue Jan 23 2018