Event Details

September 28, 2021 10:00 am - 2:00 pm

ONG-ISAC & Dragos Event

Title: Social Engineering, Threat Hunting Design, Securing Historian Architecture, & Securing Historian Architecture

CPE Credits: 4 hours

Agenda:

10am Opening Remarks by Angela Haun and Sam VanRyder

10:15 am Social Engineering specifically targeting Oil & Gas

11:00 Stand & Stretch

11:05 Threat Hunting Design, Implementation, and Execution

11:50 Break

12:10 Securing Historian Architecture

12:55 Stand & Stretch

1:00 Key Insights: Oil and Natural Gas Ransomware Landscape 2021

1:45 Closing Remarks

2:00 Adjourn

Presentation Abstracts:

Social Engineering specifically targeting Oil & Gas

Presenter: Aaron Boyd

Phishing continues to be a successful tactic in causing brand, financial, and/or operational damage to organizations globally. While phishing tends to cast a relatively wide net in terms of targets and typically utilizes malicious e-mails containing attachments and/or links to webpages to capture private data, social engineering is a tactic that takes it one step further. Social engineering involves psychologically manipulating users into divulging information and/or performing specific actions. Unlike phishing, social engineering attacks are more often than not targeted at a smaller number of users and are also very successful, as their outcome relies completely on the cybersecurity awareness of the target(s). This talk will review some of the tactics and techniques, including examples, that have been successful in engagements when performing social engineering on targets in the Oil & Gas industry. Additional information will also be shared to assist organizations in raising cybersecurity awareness to assist users in detecting potential social engineering activity.

Threat Hunting Design, Implementation, and Execution

Presenter: Casey Brooks

Casey Brooks, a Principal Adversary Hunter at Dragos, will present several methods for designing, implementing, and executing threat hunts for ONG security teams.

In designing threat hunts, participants will learn to create the initial ideas for threat hunting at both the network and host levels, identify possible adversary techniques that are a risk to defenses, and learn methods for constructing hunting queries. In the implementation portion, participants will learn to organize their threat hunt objectives, identify gaps in information or logs, leverage threat intelligence in building the threat hunt, and identify capabilities that enable success. In the execution portion, the audience will learn to perform systematic hunting steps to identify activity designated in the previous steps, and also to create continuous processes to improve each iterative threat hunt.

Securing Historian Architecture

Presenters: Gloria Cedillo, Mike Hoffman

Although process historians are a ubiquitous fixture in ONG environments, their architectural implementations vary considerably and are often insecure. Adversaries can abuse these architectures to gain initial access leading to eventual control manipulation. This talk will review some of these adversarial tactics and techniques and provide improved design practices that will allow the ONG community to enhance the security of the architectures around their process historians.

Key Insights: Oil and Natural Gas Ransomware Landscape 2021

Presenter: Anna Skelton

Ransomware remains a preeminent threat to the oil and natural gas cyber landscape, with threat actors causing disruption by targeting entities across the supply chain. This talk will leverage unique Dragos research to analyze which oil and natural gas entities are frequently targeted by which ransomware families, as well as the evolution of both ransomware families and their targeting priorities throughout 2021. We’ll conclude with a discussion on how to read between the lines of cyber incident reports to discern the degree of operational technology impact, as well as how to utilize network telemetry to identify other victims that may not have been reported on data leak sites or in media.