Presented at SecurityWeek’s 2018 ICS Cyber Security Conference
- Robert Lee – CEO, Dragos
- Marc Seitz – Threat Analyst, Dragos
The activity group responsible for the TRISIS/TRITON malware is identified as XENOTIME. After the attack on the safety instrumented system in 2017, the group remained active, targeting other environments with different safety systems in other regions of the world. Hunting for the behaviors of this group allows defenders not only to search for existing threats but also to identify new threats that leverage such behaviors, and to prepare confidently to detect and respond to such incidents. In this presentation, audience members heard unique insights into the threat and how the Threat Hunt Cycle can be leveraged to provide actionable recommendations on building a collection management framework and applying hypothesis-led threat hunting to test that collection, while creating playbooks for identifying and responding to attacks effectively and efficiently.