Well, recently, there have been some small-scale ransomware attacks targeting relatively commodity Network Area Storage (NAS) devices such as those by QNAP or NetGear, and so I thought it would be fitting to see how a ransomware strategy plays into a threat scenario with remote devices that are often directly connected and often seen on Shodan. Using the same target devices, I will use their “sinking” to my advantage, and leverage that information to build malicious firmware, access functionality on hardware using a low-cost probe/logic analyzer and look towards the future – ransoming an embedded ICS device. It may not be a completely greenfield strategy, but it might be among the first to be explored in a public scenario.
Attendees should walk away with an understanding of:
- How the research target was selected, and how an SBOM led to this further research
- How to scope hardware and begin the process using a scope or serial adapter to find an entrance
- How firmware was created and uploaded to the research targets
- How ransoming is a definitive possibility when dealing with embedded systems
- And some observations about reducing risks in this scenario for OEMs and asset owners