The June 2021 Knowledge Pack has been released and is now available to Dragos Platform customers.
Our platform engineering teams have been hard at work since the last Knowledge Pack release to incorporate several updates that customers across industrial sectors, including oil and gas, manufacturing, and utilities, will appreciate. This month we are adding new characterizations for Honeywell Experion assets based on Server Discovery Protocol traffic, and controller firmware versions can now be extracted from FTE (Fault Tolerant Ethernet) messages. In addition, OASyS DNA traffic is now dissected and hostnames are extracted for use in the Dragos Platform. Discovery of RSLinx software via EtherNet/IP traffic has been enhanced to provide greater coverage.
Several new detections were also added, including indicators for Zebrocy C2 traffic, DARKSIDE ransomware, the B374k web shell, the Browdec.exe credential stealer, and the reGeorg tunnel. Detections for suspicious activity were added as well, including TeamViewer traffic to an OT device, use of a PowerLogic backdoor account, and the presence of a hardcoded certificate in Siemens SCALANCE X devices.
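To make the "TeamViewer traffic to an OT device" detection concrete, here is an added illustration of that kind of analytic run over network flow records. It is example code written for this page, not the Dragos Platform's own detection logic, and it makes two assumptions: the OT address ranges and the flow records are constructed for the example, and TeamViewer is identified by its well-known service port (5938) or by a TLS server name under teamviewer.com, since the client falls back to 443/80 when 5938 is blocked and a port-only rule would miss that.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical OT address space for this example. A real deployment would
# take this from the asset inventory rather than a hard-coded list.
OT_NETWORKS = [ip_network("10.20.0.0/16"), ip_network("192.168.50.0/24")]

# TeamViewer's well-known service port. The client falls back to TCP 443 and
# 80 when 5938 is blocked, so the port alone is not a reliable indicator and
# the TLS server name is checked as a second signal.
TEAMVIEWER_PORT = 5938
TEAMVIEWER_SNI_SUFFIX = ".teamviewer.com"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str
    sni: str = ""  # TLS server name, if the sensor extracted one


def is_ot_asset(addr: str) -> bool:
    """True when the address falls inside a monitored OT network."""
    ip = ip_address(addr)
    return any(ip in net for net in OT_NETWORKS)


def teamviewer_reason(flow: Flow) -> str:
    """Return 'port', 'sni', or '' depending on which indicator matched."""
    if flow.dport == TEAMVIEWER_PORT and flow.proto in ("tcp", "udp"):
        return "port"
    if flow.sni.lower().endswith(TEAMVIEWER_SNI_SUFFIX):
        return "sni"
    return ""


def detect_teamviewer_to_ot(flows):
    """One alert per TeamViewer-looking flow that has an OT asset at either end.

    Either direction matters: an OT host reaching out to a TeamViewer relay is
    just as interesting as an inbound session terminating on it.
    """
    alerts = []
    for f in flows:
        reason = teamviewer_reason(f)
        if not reason:
            continue
        if is_ot_asset(f.src):
            ot_asset, peer = f.src, f.dst
        elif is_ot_asset(f.dst):
            ot_asset, peer = f.dst, f.src
        else:
            continue  # IT-to-IT remote access is out of scope for this rule
        alerts.append({"ot_asset": ot_asset, "peer": peer,
                       "dport": f.dport, "reason": reason})
    return alerts


# Constructed sample flows (not captured data): two should alert, three should not.
SAMPLE_FLOWS = [
    Flow("10.20.1.15", "203.0.113.10", 5938, "tcp"),                 # OT host -> TeamViewer port
    Flow("10.20.1.15", "203.0.113.11", 443, "tcp",
         sni="router1.teamviewer.com"),                              # OT host, port fallback, SNI match
    Flow("172.16.5.4", "203.0.113.10", 5938, "tcp"),                 # IT host, not an OT asset
    Flow("10.20.1.15", "10.20.1.1", 44818, "tcp"),                   # normal EtherNet/IP inside OT
    Flow("192.168.50.7", "203.0.113.12", 443, "tcp",
         sni="update.example.com"),                                  # OT host, unrelated TLS
]

if __name__ == "__main__":
    for alert in detect_teamviewer_to_ot(SAMPLE_FLOWS):
        print(alert)
```

The SNI check is what turns a port rule into something closer to a behavioural detection; in an environment where TLS metadata is not available, the rule degrades to the port match only, and the caveat about the 443/80 fallback should be recorded alongside it.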
Each Knowledge Pack contains the latest indicators of compromise from the Dragos Threat Intelligence team, automating detection of the forensic artifacts that may indicate malicious activity on an industrial network. Knowledge Packs also deliver regular updates to protocol dissectors, threat intelligence analytics, ICS/OT device data, and investigation playbooks, giving customers the proactive, comprehensive information they need to understand their environments and detect advanced threats.
With each release, Platform detections are mapped to MITRE ATT&CK® Tactics and Techniques, providing a common reference for known adversary behaviors. Dragos will soon announce the results of our participation in this year's MITRE ATT&CK evaluation. Until then, if you wish to learn more about the framework and how to put it to use in your organization, we invite you to download our whitepaper, "Mapping Industrial Cybersecurity Threats to MITRE ATT&CK for ICS".
Ready to put your insights into action?
Take the next steps and contact our team today.