SecTor 2025 | Tracing Adversary Steps through Cyber-Physical Attack Lifecycle
Cyber operations are increasingly being militarized, with cyber commands being moved under national Ministries/Departments of Defense or directly under military forces. In this new setting, cyber-physical security is destined to become a potent weapon. But is the mostly civilian defense community ready to deal with such a capable adversary?
Ten years ago, at BH USA 2015, I presented a cyber-physical attack lifecycle, the first and, to date, the only attack lifecycle that specifically describes the steps an attacker needs to take to architect and practically implement an attack leading to a desired physical impact. After the initial release and highly positive feedback, I further refined the attack lifecycle and extensively verified it on several complex cyber-physical systems, such as traffic lights and moving bridge systems. The truth is that, to date, mostly state-associated users have benefited from the framework, while the civilian sector is still struggling to find pragmatic approaches to cyber-physical risk assessments and adversary emulation exercises. Vendors similarly lack a structured approach to assessing their solutions for both exploitability and post-exploitability.
This talk will present the finalized version of the cyber-physical attack lifecycle, with two attack stages, and illustrate its utility with the example of designing a targeted attack on a Real-Time Locating System (RTLS), a class of localization solutions used for, e.g., medical patients’ location tracking, safety geofencing, contact tracing, and more. Starting from a vulnerability in a communication protocol and ending with fooling the solution operators, the talk will demonstrate numerous nontrivial hurdles the attacker needs to overcome to reach the desired outcome. Spoiler: math and geometry are involved.
The talk will conclude with a close examination of how rapid advancements in AI technologies are expected to streamline the process of designing high-precision cyber-physical attacks by automating previously manual or highly laborious tasks and partially replacing the need for SME inputs. Last but not least, the talk touches upon the relevant threat landscape in Canada to date.
By: Marina Krotofil | Cyber Security Engineer, Critical Infrastructures, mk|security
Presentation Materials Available at:
https://blackhat.com/sector/2025/briefings/schedule/?#cyber-physical-exploitation-tracing-adversary-steps-through-cyber-physical-attack-lifecycle-47456