ICS malware analysis study: BlackEnergy
Over the past few years, we have witnessed how cyberattacks in the industrial world have been growing and evolving, causing large-scale production and security problems. One example of this is the BlackEnergy malware.
BlackEnergy malware became known for being successfully used in attacks that sabotaged different electricity distributors and caused the loss of electricity to 1.5 million people in Ukraine.
This study shows the evolution of cybersecurity and the changes made in industrial environments as a result of these cyberattacks, with the intention of preventing them from happening again.
It begins with a historical review that shows the evolution from its appearance to the latest version detected, which will allow us to see how it has affected industry, analysing the reasons for its success.
The second part of the study concentrates on the different types of analysis possible, on the preparation of the environment and on the different types of tools that allow this to be carried out.
Finally, an example of a detailed technical analysis of a sample is shown, describing the steps followed, including the creation of a secure environment, the installation of the software and the use of commands to obtain as much information as possible from it. In addition, indicators of compromise and Yara rules are provided to facilitate threat detection.