Cynalytica’s Discovery and Analysis of a New and Sophisticated Malicious Cyber Campaign Targeted against the US Oil & Natural Gas Sector

Cynalytica will present on November 5th, at the MOSAICS* JCTD** Industry Day, its discovery and analysis of a new and sophisticated malicious cyber campaign targeted against the US Oil & Natural Gas Sector, labeling the new campaign “Laertes-Odysseus” after the creator of the Trojan Horse. Cynalytica, using its newly developed genetic malware analysis, detection and forensics tool “CyShrike”, has been able to directly identify polymorphic and functional links to previously known malware campaigns directed at IT and OT sectors in global critical infrastructure, links that other tools have been unable to establish.

In early 2020, an Oil & Natural Gas partner identified a system attempting to establish unauthorized connections outside their OT network. While this attempted activity was promptly discovered and quarantined, current commercially available solutions were unable to meet the partner’s forensics needs, leaving it without more relevant and actionable information. Cynalytica’s CyShrike tool was able to quickly identify key components, functions and relationships to prior malware families and helped provide early indicators of compromise (IOCs). Additionally, CyShrike was able to identify malware family components, providing a more complete understanding of the malware and the breadth of the malware campaign, as well as giving forensic responders key artifacts on which to focus their attention and response.

Unlike conventional anti-malware and anti-virus solutions that require complex heuristics or signature matches for detection, CyShrike applies genetic analysis principles to determine code provenance. This allows the CyShrike tool to detect polymorphic malware and zero-day exploits by identifying hereditary similarities, and to provide historical context that informs incident responders. CyShrike’s fidelity and speed help automate and focus a security team’s forensic capabilities, cutting analysis time and allowing operators to scale their response to the threat at hand.

To register for the MOSAICS JCTD Industry Day or view presentation materials, please visit: https://rdp21.org/mosaics-industry-day-2/

*More Situational Awareness for Industrial Control Systems

**Joint Capability Technology Demonstration