Kyle Wilhoit has found and analyzed a large portion of the ICS malware discovered in 2014 / 2015. He goes into the details of:
– The Sandworm group looking for Internet-exposed HMIs and their targets
– Blacken / BlackEnergy targeting the GE Cimplicity HMI
– Havex scanning OPC servers (including videos showing it being installed and exploiting the system)
– Trojanized SCADA software … WinCC (32 samples), Advantech (24), and Cimplicity