Detecting Industroyer with Hillstone Advanced Threat Detection Solution

If the headlines remind us of anything, it is that attackers are always on the hunt, using the most cutting-edge tools to breach and infiltrate networks and assets. This week, reports of a new ICS-specific malware, called CrashOverride or Industroyer, hit the headlines. Industroyer's critical differentiator is that it uses known industrial protocols exactly as they were designed to be used. These protocols were designed decades ago for networks that were isolated from the outside world, so security was not a design goal: they carry no built-in authentication, and any host that can reach a device can issue it commands. Abusing them therefore requires no exploit; attackers only need to teach their malware "to speak" the language of the protocol. That also means detection cannot key on malformed traffic; it has to rely on context, such as which hosts are allowed to issue which commands and how the malware reaches the network in the first place. This is where Hillstone Networks provides real value in mitigating attacks in these environments.

To prevent and mitigate malware threats, Hillstone Networks offers the following prevention methods against Industroyer:

  • Anti-Virus Detection Engine – In the spreading stage, the Anti-Virus detection engine scans traffic across multiple protocols (HTTP, SMTP, POP3, IMAP4, etc.) and matches it against the most up-to-date signature library of known malware files and loaders. The engine also uses the URL reputation library to detect and block downloads from, and outbound connections to, known-malicious addresses.
  • Cloud Sandbox – The Hillstone Cloud Sandbox provides targeted prevention against variants derived from the known samples. It extracts unknown files from traffic, executes them in a simulated environment, and dynamically monitors and analyzes their behavior. If an unknown file exhibits attack-like behavior, Cloud Sandbox captures that behavior and classifies the file as malware.
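Because Industroyer speaks the control protocols natively, the traffic it generates is well formed, and the check that catches it at the network layer is a policy one: is this host allowed to send a control command to that device? The following is an added example, not Hillstone code and not part of the original post. It parses IEC 60870-5-104 APDUs (one of the substation protocols the public analyses of Industroyer describe) and alerts when a control-direction command arrives from a host that is not an authorized SCADA master. The frames, the IP addresses, and the allowlist are all constructed for the example; a production parser would also reassemble the TCP stream, walk every information object in the ASDU, and track send/receive sequence numbers, which this minimal version does not do.

```python
# Added example (not Hillstone code): a minimal IEC 60870-5-104 APDU parser
# plus an allowlist check on control-direction commands.  All frames below
# are constructed by hand for the example; hosts and allowlist are assumptions.
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# ASDU type IDs in the control direction (process commands), IEC 60870-5-101/104.
CONTROL_TYPE_IDS = {
    45: "C_SC_NA_1", 46: "C_DC_NA_1", 47: "C_RC_NA_1", 48: "C_SE_NA_1",
    49: "C_SE_NB_1", 50: "C_SE_NC_1", 51: "C_BO_NA_1",
    58: "C_SC_TA_1", 59: "C_DC_TA_1", 60: "C_RC_TA_1", 61: "C_SE_TA_1",
    62: "C_SE_TB_1", 63: "C_SE_TC_1", 64: "C_BO_TA_1",
}
# Commands whose qualifier octet (SCO/DCO/RCO) directly follows the IOA and
# carries the select(1)/execute(0) flag in bit 7.
ONE_OCTET_QUALIFIER = {45, 46, 47, 58, 59, 60}


@dataclass
class Apdu:
    fmt: str                         # "I" (data), "S" (ack) or "U" (link control)
    type_id: Optional[int] = None
    cot: Optional[int] = None        # cause of transmission, low 6 bits
    common_addr: Optional[int] = None
    ioa: Optional[int] = None        # information object address (3 octets, LE)
    select_execute: Optional[str] = None


def parse_apdu(data: bytes) -> Apdu:
    """Parse one APDU: 0x68, length, 4 control octets, then the ASDU."""
    if len(data) < 6 or data[0] != 0x68:
        raise ValueError("not an IEC 104 APDU")
    if data[1] != len(data) - 2 or data[1] < 4:
        raise ValueError("APCI length does not match frame")
    c1 = data[2]
    if c1 & 0x01 == 0:
        fmt = "I"
    elif c1 & 0x03 == 0x01:
        fmt = "S"
    else:
        fmt = "U"
    apdu = Apdu(fmt=fmt)
    if fmt != "I":
        return apdu                  # S- and U-frames carry no ASDU
    asdu = data[6:]
    if len(asdu) < 6:
        raise ValueError("ASDU header truncated")
    apdu.type_id = asdu[0]
    apdu.cot = asdu[2] & 0x3F
    apdu.common_addr = asdu[4] | (asdu[5] << 8)
    if apdu.type_id in ONE_OCTET_QUALIFIER:
        if len(asdu) < 10:
            raise ValueError("command ASDU truncated")
        apdu.ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
        apdu.select_execute = "select" if asdu[9] & 0x80 else "execute"
    elif apdu.type_id in CONTROL_TYPE_IDS and len(asdu) >= 9:
        apdu.ioa = asdu[6] | (asdu[7] << 8) | (asdu[8] << 16)
    return apdu


def assess(src_ip: str, data: bytes, authorized_masters: Set[str]) -> Tuple[str, str]:
    """Return (severity, message).  The frame itself is always well formed;
    the signal is a control command from a host that is not an authorized master."""
    apdu = parse_apdu(data)
    if apdu.fmt != "I":
        return "info", f"{apdu.fmt}-format frame from {src_ip}"
    if apdu.type_id not in CONTROL_TYPE_IDS:
        return "info", f"type {apdu.type_id} (monitor direction) from {src_ip}"
    name = CONTROL_TYPE_IDS[apdu.type_id]
    detail = f"{name} {apdu.select_execute or ''} IOA {apdu.ioa} CA {apdu.common_addr} COT {apdu.cot}"
    if src_ip in authorized_masters:
        return "notice", f"{detail} from authorized master {src_ip}"
    return "alert", f"{detail} from UNAUTHORIZED host {src_ip}"


# Constructed sample frames (hex), not captures from any incident.
STARTDT_ACT = bytes.fromhex("68 04 07 00 00 00")
# I-frame, M_SP_NA_1 (type 1), COT 3 (spontaneous), CA 1, IOA 5, SIQ ON
MONITOR_FRAME = bytes.fromhex("68 0E 02 00 00 00 01 01 03 00 01 00 05 00 00 01")
# I-frame, C_SC_NA_1 (type 45), COT 6 (activation), CA 1, IOA 1, SCO execute/ON
SINGLE_CMD = bytes.fromhex("68 0E 00 00 00 00 2D 01 06 00 01 00 01 00 00 01")
# I-frame, C_DC_NA_1 (type 46), COT 6, CA 1, IOA 2, DCO select/OFF
DOUBLE_CMD_SELECT = bytes.fromhex("68 0E 04 00 02 00 2E 01 06 00 01 00 02 00 00 81")

AUTHORIZED_MASTERS = {"10.0.0.2"}    # assumed SCADA master; any other sender is suspect

if __name__ == "__main__":
    for src, frame in [("10.0.0.2", STARTDT_ACT), ("10.0.0.7", MONITOR_FRAME),
                       ("10.0.0.2", SINGLE_CMD), ("10.0.0.9", SINGLE_CMD),
                       ("10.0.0.9", DOUBLE_CMD_SELECT)]:
        print("%-6s %s" % assess(src, frame, AUTHORIZED_MASTERS))
```

The allowlist is the whole detection: the same C_SC_NA_1 frame is a "notice" from the master and an "alert" from any other host, and an engine that only looks for malformed packets or known file hashes would see nothing wrong with either. Selects without a matching execute, or commands outside a maintenance window, are natural extensions of the same policy check.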

To learn more about the Hillstone Networks layered security platform, please take a look at the Hillstone Product Portfolio or talk to Hillstone technical experts.