Critical power generation systems inside two US power plants were infected with “known sophisticated malware” that spreads via USB drives, reports the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
The malware, which the team didn`t name, infected a handful of machines during a software update initiated by an outside technician. With supervisory control and data acquisition (SCADA) systems vital in flipping switches and turning dials inside power plans, remote access to such equipment could enable a saboteur or hacker to cause serious infrastructure damage.
“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” according to the ICS-CERT report. “Initial analysis caused particular concern when one sample was linked to known sophisticated malware.”
Because the incident resulted in three weeks of downtime at the power plant, ICS-CERT advised that a strict restriction to vital systems and USB drives needs to be in place to prevent future infections. Even if SCADA systems lack an internet connection, they can still be exposed to malware.
Having no backups in place, the compromised workstations would have suspended normal power plant operations for a long time in the event of an “ineffective or failed cleanup.” With SCADA systems compromised in the past by Stuxnet or Flamer, ICS-CERT believes new security measures should be set in place.
tags
Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024