Cyber on Board 2025

Dead Man’s PLC: Ransoming the Physical World via Operational Technology

Description

Cybercrime is currently the most pervasive threat to organisations who use operational technology (OT), but it isn’t the most significant threat to OT itself. That’s because cybercrime models like ransomware and double extortion are aimed at IT, and simply don’t translate well to OT. However, as cybercriminals diversify and specifically target OT, the development of a viable modus operandi for extortion would be a watershed. In this talk we will introduce Dead Man’s Programmable Logic Controller (PLC), an entirely novel technique for holding OT environments to ransom. Current ransomware attacks depend on data encryption, a tactic ill-suited to OT devices such as PLCs due to its cost, ineffectiveness, and limited scalability. For cybercriminals to successfully target OT assets, they would need exploits for vulnerabilities in each unique device—a considerable challenge given the technological diversity within a single plant, not to mention across organisations or sectors. Even if such an approach were technically feasible, standard engineering response and recovery practices typically involve replacing compromised devices, diminishing the impact of the threat. Rather than rely on exploits and encryption, Dead Man’s PLC utilises legitimate functionality of the victim’s OT against them. Moreover, it circumvents traditional engineering response and recovery practices by considering the entire OT environment as the entity under ransom, meaning that affected assets cannot be managed or replaced without triggering the attack’s consequences. Ultimately, Dead Man’s PLC is a robust, universal method of extortion, which fundamentally redraws the OT threat landscape.

Presented by