David Atch

VP of Research

David is a world-class ICS cybersecurity expert with many years of real-world experience in malware analysis, threat hunting, and incident response. In February 2016, he uncovered Operation BugDrop, a large-scale cyber-espionage campaign targeting critical infrastructure design and other firms in Ukraine. He also led the team that reverse-engineered BlackEnergy3 and discovered it was designed to exfiltrate sensitive information from OT networks via RPC communication using named pipes over SMB. Prior to CyberX, David had a military career in the IDF, where he led an elite team of incident responders who continuously hunted and mitigated cyber-intrusions targeting the country’s critical national infrastructure. Most recently, David was invited to present at Black Hat Europe 2017 and the 2017 SANS ICS Security Summit.

CyberX is a Boston-based industrial cybersecurity company founded in 2013 by ex-military cyber experts.

My Sessions

Not Your Father’s AM Radio: Exfiltrating Reconnaissance Data from Air-Gapped ICS Networks By Injecting Ladder Logic Code into PLCs

Sponsor Stage

Air-gapped industrial networks are assumed to be completely isolated from the Internet and corporate IT networks. So once an attacker gets into your OT network — for example, via an infected USB or trojanned vendor update — how can they exfiltrate reconnaissance information to plan future destructive attacks? Or exfiltrate sensitive IP such as secret […]

Attacks and Attackers

A Network Sandbox for ICS Malware

Stage 2

CrashOverride showed us the potential of autonomous, self-directed malware that enumerates and subsequently hijacks ICS devices using their native protocols. What if we could detonate ICS-specific malware in an “ICS Network Sandbox” that detects purpose-built malware before it even gets deployed? By simulating a complete OT execution environment in a virtual or offline state, the […]

Attacks and Attackers, Detection & Response