CYRIN's New Attack Scenario - On An HVAC Scada System

Uploaded on 2025-01-29 in JOBS-Training, FREE TO VIEW

Brought to you by CYRIN

CYRIN's New Attack Scenario - on an HVAC Scada System

In this new Level Three scenario from CYRIN the student is presented with an OT (Operational Technology) network that controls the HVAC system for a building. Malware in the network has forced the temperature in the building to uncomfortably low values.

The student is tasked with finding the source of the Modbus commands forcing the low temperatures: the computer originating the commands and the malware process on the computer. The malware might have hidden itself; the student must unhide the process and kill it.

The student should have some familiarity with: (1) The Linux operating system, including commands to view processes and network connections, (2) The pfSense firewall. Students without these prerequisites should consider completing the CYRIN labs, Linux Operating System Fundamentals for Systems Administrators and Firewall Configuration with pfSense, before attempting this attack scenario.

Why this is Important
Hackers today have the capability to gain access to company information through the building control systems. The Industrial Control Industry is experiencing rapid digital transformation, driven by the adoption of smart technologies and interconnected systems. While these innovations provide greater efficiency and convenience, they also expose companies to significant cybersecurity risks. Every unsecured IoT device, every connected endpoint becomes a potential target for cyber attacks.

Like all our labs, this new attack scenario is mapped to the NIST NICE Framework, the MITRE ATT&CK Matrix and appropriate NSA CAE-CD and CAE-CO Knowledge Units.

These development efforts keep CYRIN at the forefront of new and innovative ways to train and teach cybersecurity. Inexpensive, easy-to-use and tailored to your schedule, the CYRIN labs are your entry to the world of cybersecurity.

To learn more about our content visit the CYRIN catalog page.

CYRIN – Where Training and Education Comes to You.

Image: Arkadiusz Warguła

You Might Also Read:

Salt Typhoon - The Chinese Telecom Hack:

If you like this website and use the comprehensive7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Immutable Backup: Have The Last Word Against Ransomware
Ransomware Readiness: Transforming Threat Into Organizational Resilience »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Syhunt Security

Syhunt Security

Syhunt is a leading player in the web application security field, delivering its assessment tools to a range of organizations across the globe.

Trulioo

Trulioo

Trulioo is a leading global identity and business verification company providing secure access to data sources worldwide to instantly verify consumers and businesses online.

TCDI

TCDI

TCDI specializes in computer forensics, eDiscovery and cybersecurity services.

Abusix

Abusix

Abusix specializes in Internet security, network abuse handling, antispam and fraud prevention.

SaferVPN

SaferVPN

SaferVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

CyberSN

CyberSN

CyberSN is your essential partner in cybersecurity workforce risk management offering solutions that empower leaders to diversify, acquire, retain, and develop their cybersecurity teams.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Balance Theory

Balance Theory

Balance Theory provides the knowledge infrastructure and collaboration center for the cybersecurity community. A networked community to build better cybersecurity outcomes.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.