Kyle Wilhoit has found and analyzed a large portion of the ICS malware found in 2014 / 2015. He goes into the details of:

– The Sandworm group looking for Internet exposed HMI and their targets

– Blacken / Black Energy targeting the GE Cimplicity HMI

– Havex scanning OPC Servers (including videos showing it being installed and exploiting the system)

– Trojanized SCADA software … WinCC (32 samples), Advantech (24), and Cimplicity