Well, recently, there have been some small-scale ransomware attacks targeting relatively commodity Network Attached Storage (NAS) devices such as those by QNAP or NetGear, so I thought it would be fitting to see how a ransomware strategy plays into a threat scenario involving the directly connected remote devices often seen on Shodan. Using the same target devices, I will use their “sinking” to my advantage, and leverage that information to build malicious firmware, access functionality on hardware using a low-cost probe/logic analyzer, and look towards the future: ransoming an embedded ICS device. It may not be a completely greenfield strategy, but it might be among the first to be explored in a public scenario.

Attendees should walk away with an understanding of:

  • How the research target was selected, and how an SBOM led to this further research
  • How to scope hardware and begin the process using a scope or serial adapter to find an entrance
  • How firmware was created and uploaded to the research targets
  • How ransoming is a definitive possibility when dealing with embedded systems
  • And some observations about reducing risks in this scenario for OEMs and asset owners