In August, Jimmy Wylie and I presented at DEF CON 33 on Dragos’ process for determining whether a given capability qualifies as “ICS-specific malware.”
We presented a basic rubric for making the determination and included three example capabilities that I discovered while threat hunting and why, even though they might look like it at first glance, they do not qualify as ICS malware.
Give it a listen!