
May 2021 Knowledge Pack Released

The May 2021 Knowledge Pack has been released and is now available to Dragos Platform customers.

The challenges industrial operators face in securing their environments are never ending. Not only are OT networks becoming more connected, but it is also increasingly common to see enterprise technology originally intended for IT systems showing up in places where it can impact operations. Our analysts incorporate intelligence gained during recent engagements and, together with the engineering team, codify this real-world insight into product updates that better protect our customers.

This month’s Knowledge Pack contains several new characterizations and detections, including support for the Connection Oriented Transport Protocol (COTP), traffic summary for non-MMS COTP, and detection of COTP errors and connection requests. Of particular interest to many mining companies will be the Minestar operator and location parsing from HTTP traffic, along with hostname detection via DHCP and VNC traffic used more broadly across most industrial sectors.
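To make concrete what "detection of COTP errors and connection requests" and a "traffic summary for non-MMS COTP" involve at the wire level, here is an added example written for this post; it is not Dragos Platform code. It parses TPKT-framed COTP TPDUs (RFC 1006 over ISO 8073/X.224, the framing used on TCP port 102), flags CR (connection request) and ER (error) PDUs, and labels DT payloads with a simple heuristic that separates MMS-style ISO session traffic from other COTP users. The sample frames are constructed for the example, and the payload heuristic in `classify_payload` is an assumption of this example, not a vendor rule.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

TPKT_VERSION = 3  # RFC 1006 TPKT header: version, reserved, 16-bit total length

# COTP TPDU type: high nibble of the byte after the length indicator (ISO 8073 / X.224).
COTP_TYPES = {0xE: "CR", 0xD: "CC", 0x8: "DR", 0xC: "DC", 0xF: "DT", 0x7: "ER"}

# Reject causes carried in an ER TPDU.
ER_REJECT_CAUSES = {0: "reason not specified", 1: "invalid parameter code",
                    2: "invalid TPDU type", 3: "invalid parameter value"}


@dataclass
class CotpPdu:
    pdu_type: str
    dst_ref: int = 0
    src_ref: int = 0
    params: Dict[int, bytes] = field(default_factory=dict)  # variable part by parameter code
    reject_cause: Optional[int] = None
    payload: bytes = b""  # user data after the COTP header


def _parse_variable_part(data: bytes) -> Dict[int, bytes]:
    """Decode the (code, length, value) parameter list of a COTP header."""
    params: Dict[int, bytes] = {}
    i = 0
    while i + 2 <= len(data):
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated COTP parameter")
        params[code] = value
        i += 2 + length
    if i != len(data):
        raise ValueError("dangling bytes in COTP variable part")
    return params


def parse_tpkt_cotp(frame: bytes) -> CotpPdu:
    """Parse one TPKT-framed COTP TPDU (the full TCP segment payload)."""
    if len(frame) < 6 or frame[0] != TPKT_VERSION:
        raise ValueError("not a TPKT frame")
    (tpkt_len,) = struct.unpack(">H", frame[2:4])
    if tpkt_len != len(frame):
        raise ValueError("TPKT length does not match frame length")
    li = frame[4]                 # length indicator: header bytes following this byte
    header = frame[5:5 + li]
    if li < 1 or len(header) != li:
        raise ValueError("truncated COTP header")
    name = COTP_TYPES.get(header[0] >> 4)
    if name is None:
        raise ValueError(f"unknown COTP TPDU code 0x{header[0]:02x}")
    pdu = CotpPdu(pdu_type=name, payload=frame[5 + li:])
    if name in ("CR", "CC", "DR", "DC"):
        if li < 5:
            raise ValueError(f"{name} TPDU too short")
        pdu.dst_ref, pdu.src_ref = struct.unpack(">HH", header[1:5])
        # CR/CC carry a class-option byte and DR a reason byte before the variable part; DC does not.
        pdu.params = _parse_variable_part(header[5 if name == "DC" else 6:])
    elif name == "ER":
        if li < 4:
            raise ValueError("ER TPDU too short")
        (pdu.dst_ref,) = struct.unpack(">H", header[1:3])
        pdu.reject_cause = header[3]
        pdu.params = _parse_variable_part(header[4:])
    return pdu  # DT in class 0 has only the code byte and an EOT/TPDU-NR byte


def classify_payload(payload: bytes) -> str:
    """Heuristic (an assumption of this example): ISO session SPDUs (Give Tokens + Data
    Transfer, or a Connect SPDU) indicate the MMS stack; 0x32 is the S7comm protocol id."""
    if payload.startswith(b"\x01\x00\x01\x00") or payload[:1] == b"\x0d":
        return "iso-session/mms"
    if payload[:1] == b"\x32":
        return "s7comm"
    return "unknown"


def summarize(frames: List[bytes]) -> List[str]:
    """One line per frame; CR and ER PDUs are raised as alerts, DT is summarized."""
    lines = []
    for frame in frames:
        pdu = parse_tpkt_cotp(frame)
        if pdu.pdu_type == "CR":
            src_tsap = pdu.params.get(0xC1, b"").hex()
            dst_tsap = pdu.params.get(0xC2, b"").hex()
            lines.append(f"ALERT COTP connection request src_tsap={src_tsap} dst_tsap={dst_tsap}")
        elif pdu.pdu_type == "ER":
            cause = ER_REJECT_CAUSES.get(pdu.reject_cause, "unknown")
            lines.append(f"ALERT COTP error dst_ref={pdu.dst_ref} cause={cause}")
        elif pdu.pdu_type == "DT":
            lines.append(f"DT {classify_payload(pdu.payload)} {len(pdu.payload)} bytes")
        else:
            lines.append(f"{pdu.pdu_type} dst_ref={pdu.dst_ref} src_ref={pdu.src_ref}")
    return lines


# Constructed sample frames: CR, CC, DT carrying an S7comm header, ER, DR.
SAMPLE_FRAMES = [
    bytes.fromhex("0300001611e00000000100c1020100c2020102c0010a"),
    bytes.fromhex("0300001611d00001000100c1020100c2020102c0010a"),
    bytes.fromhex("0300000b02f08032010000"),
    bytes.fromhex("030000090470000002"),
    bytes.fromhex("0300000b06800001000100"),
]

if __name__ == "__main__":
    for line in summarize(SAMPLE_FRAMES):
        print(line)
```

Feeding real captures through `summarize` requires reassembling the TCP stream first, since TPKT frames can span segments; the parser deliberately rejects length mismatches rather than guessing, which is the behaviour you want before a detection is raised on the output.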

New Threat Behaviors and Indicators were added as well, including detections for multiple program uploads from the same controller, an Impair Process Control technique sent to a PLC following TeamViewer access to that host, and DNS requests for spoofed “my-sharepoint” domains.

Each Knowledge Pack contains the latest indicators of compromise from the Dragos Threat Intelligence team, automating the detection of pieces of forensic data that may identify malicious activity on an industrial network. They also provide regular updates of the latest protocols, threat intelligence analytics, ICS/OT device data, and investigation playbooks to equip our customers with the proactive, comprehensive information to better understand their environments and detect advanced threats.

With each new release, customers will find that the Platform detections have MITRE ATT&CK® Tactics and Techniques mapped to them, providing a common reference for known attacker behaviors. If you wish to learn more about this framework and how you can put it to use in your organization, we invite you to download our whitepaper, “Mapping Industrial Cybersecurity Threats to MITRE ATT&CK for ICS”.

To learn more about how Dragos Knowledge Packs work and how we continuously funnel our expertise into the Dragos Platform, read the Knowledge Packs Overview blog or contact sales@dragos.com.
