If you're new, welcome to the Darktrace YouTube channel.
We are the world's leading Cyber AI company, and the pioneers of autonomous response technology.
My name is Mariana Pereira, and I am the Director of Email Security Products at Darktrace.
We are really living in the Fourth Industrial Revolution.
The World Economic Forum defines this period as a paradigm shift across industry verticals in which new technologies are fusing
the physical, digital, biological worlds. This fusing of the physical and digital technologies,
which is a major trend that underlines these momentous advances, is also the convergence of
informational and operational technologies, or the IT/OT convergence. A traditional IT environment, including computers,
servers, and a whole range of IoT devices, can make up the traditional cyber ecosystem.
But when this IT environment begins communicating with an OT environment, such as manufacturing equipment or machines,
or other sensors and operational technologies, this becomes a cyber-physical ecosystem. A cyber-physical ecosystem,
where the door is open to cyber-physical threats, that is, attacks that gain an initial hold in an IT environment,
but then move over to disrupt operations in the OT environment. For example,
an attack originating in the inbox, or anywhere else on an IT network,
can then go on to disrupt the processes directly on the factory floor. And this is exactly what happened recently with the EKANS ransomware.
And to further delve into the details, I would like to invite Brianna Leddy, our Director of Analysis.
Brianna, please tell us more about EKANS, other than it appears to be the first cyber-attack
that was actually named after a Pokémon. And of course a scary-looking one at that.

Hi Mariana, and thank you for the introduction.
So to provide a little context first: in June 2020, when Honda announced that it was halting industrial operations
in factories across the globe,
spanning everywhere from India to Ohio, the security industry became acutely aware of new risks to industrial
operations. Honda was hit with a form of ransomware
which frequently targets corporate networks in attempts to either hold data hostage or otherwise
forcibly interrupt critical business practices,
and then demand the ransom. However, this strain had a special twist.
Namely, EKANS was one of the first strains of ransomware 'caught in the wild' that
specifically targets processes related to industrial operations in its kill chain.
This EKANS ransomware directly targeted vulnerabilities in industrial control systems
(or ICS, the computers that control manufacturing
and other physical processes) in its targeting of 65 ICS mechanisms in its 'kill list,'
that is, the list of processes the ransomware interrupts to disrupt industrial operations.
This means that EKANS can be considered the first of its kind, marking a significant evolution in attacker techniques.

Thank you, Brianna. Indeed, before now ICS machinery-specific ransomware
has been seen in some limited capacity, and mostly it was actually something reserved for academic theory or a marketing tool,
but now it really is a persistent threat and a present reality.
And I think EKANS really has revealed attackers are beginning to be very successful at targeting both IT and OT systems in one swift attack.
And in fact EKANS has now revealed that attackers are beginning to successfully target both IT and OT systems with one swift attack,
making the need for security programs that can bridge that gap even more urgent than ever.
What is clear from the Honda attack is that some of the world's largest global conglomerates
are susceptible to these kinds of ransomware attacks.
And so what is needed to protect factory floors from attacks such as this one
is a security solution that can detect the most subtle signs of a threat, learning on the job what is normal for each ICS environment.
Brianna, can you please fill us in on specific vulnerabilities that led to this attack,
and how can organizations strengthen themselves with a defensive solution?

Sure thing.
So this specific threat which crosses the line between IT and OT
is enabled by a lack of coordination among the security strategies for IT and OT respectively. Accordingly,
the ability to defend both environments with a single security solution
ensures holistic protection for the entire organization. By correlating disparate data points across SaaS,
cloud, email, traditional network, and OT environments,
Cyber AI can identify and stop even the most sophisticated attacks. Darktrace AI models this normal pattern of
life for every user, device, and controller across both IT and OT. And by
continuously analyzing this data across an organization's systems, the AI's unique understanding
of how each facet of a business and dynamic workforce interacts
ensures that any malicious activity is detected seconds after it emerges.
So in the case of EKANS, this self-learning approach would have identified a number of anomalous
behaviors pertaining to the originally infected device—including beaconing to a rare destination,
and the unusual connections to encryption software.

Thank you so much, Brianna. Now, to learn more about our product, I invite you to visit our website, Darktrace.com,
and also see our blog on the EKANS ransomware linked in the description below.
Please remember, feel free to reach out to us on LinkedIn, and thank you so much for following us, and see you next week!
 
