Recently I have heard about two types of ICS malware: INDUSTROYER 2 and PIPEDREAM/INCONTROLLER. They differ in functionality, I know, and they target different vendors and vulnerabilities. Still, I noticed a common pattern in ICS malware, so I developed my own formula to describe it:
ICS Malware (give it any name) = vendor (victim) + Mitre tactics/techniques
So my advice to asset owners and ICS vendors: why not develop your own imaginary malware as a cybersecurity exercise from time to time? Build it using the formula above and, if you like, give it a name, for example "Octopus". You can also share it with the ICS community as a form of knowledge sharing. Stay away from the news and the fear-mongering marketers.
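The formula and exercise above, as an added example that is not the author's code: the imaginary "Octopus" malware written down as vendor + ATT&CK for ICS techniques, with a check that reports which imagined techniques the defender has no detection or mitigation for. The vendor name, the controls and the technique selection are constructed for the exercise; the technique IDs are assumed from ATT&CK for ICS and should be verified against the current matrix.

```python
# Added example: the author's formula (ICS malware = vendor + MITRE tactics/techniques)
# as a tabletop-exercise data structure plus a detection/mitigation gap check.
from dataclasses import dataclass, field

@dataclass
class Technique:
    tactic: str          # ATT&CK for ICS tactic name
    technique_id: str    # ATT&CK for ICS technique ID (assumed; verify against the matrix)
    name: str
    detections: list = field(default_factory=list)   # data sources you actually collect
    mitigations: list = field(default_factory=list)  # controls you actually have in place

@dataclass
class ImaginaryMalware:
    name: str
    vendor: str          # the victim vendor/platform the exercise is built around
    techniques: list

def coverage_gaps(malware):
    """Return (technique_id, missing) pairs where no detection or no mitigation exists."""
    gaps = []
    for t in malware.techniques:
        missing = []
        if not t.detections:
            missing.append("detection")
        if not t.mitigations:
            missing.append("mitigation")
        if missing:
            gaps.append((t.technique_id, missing))
    return gaps

def coverage_score(malware):
    """Fraction of imagined techniques that have both a detection and a mitigation."""
    covered = sum(1 for t in malware.techniques if t.detections and t.mitigations)
    return covered / len(malware.techniques) if malware.techniques else 1.0

# Constructed exercise profile: vendor and controls are placeholders, not real findings
OCTOPUS = ImaginaryMalware(
    name="Octopus",
    vendor="EXAMPLE-PLC-VENDOR",
    techniques=[
        Technique("Discovery", "T0846", "Remote System Discovery",
                  detections=["network monitoring: scan of PLC protocol port"],
                  mitigations=["network segmentation"]),
        Technique("Impair Process Control", "T0855", "Unauthorized Command Message",
                  detections=["OT protocol monitoring: write from unexpected host"],
                  mitigations=[]),                                      # gap: no control yet
        Technique("Impair Process Control", "T0836", "Modify Parameter",
                  detections=[], mitigations=["PLC key switch left in RUN"]),  # gap: no detection
    ],
)
```

Running `coverage_gaps(OCTOPUS)` gives the asset owner the concrete list of techniques to work on before the imaginary malware becomes a real one.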