PCaaD: Towards Automated Determination and Exploitation of Industrial Processes
This addresses security vulnerabilities in industrial control systems for critical services, representing a novel approach rather than an incremental improvement.
The authors tackled the problem of targeted attacks on industrial Programmable Logic Controllers (PLCs) by asserting that current programming practices enable a new vulnerability class, proposing Process Comprehension at a Distance (PCaaD) as an automatable method for system-agnostic exploitation, and validating it on widely used PLCs to identify practical attacks.
Over the last decade, Programmable Logic Controllers (PLCs) have been increasingly targeted by attackers to obtain control over industrial processes that support critical services. Such targeted attacks typically require detailed knowledge of system-specific attributes, including hardware configurations, adopted protocols, and PLC control-logic, i.e. process comprehension. The consensus from both academics and practitioners suggests stealthy process comprehension obtained from a PLC alone, to conduct targeted attacks, is impractical. In contrast, we assert that current PLC programming practices open the door to a new vulnerability class based on control-logic constructs. To support this, we propose the concept of Process Comprehension at a Distance (PCaaD), as a novel methodological and automatable approach for system-agnostic exploitation of PLC library functions, leading to the targeted exfiltration of operational data, manipulation of control-logic behavior, and establishment of covert command and control channels through unused memory. We validate PCaaD on widely used PLCs, by identification of practical attacks.