Hackers Plan Attacks On Key US Industrial Control Systems

Uploaded on 2022-04-20 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy, TECHNOLOGY--Hackers

Hackers have developed new custom tools to gain full system access to a number of industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, according to the US Cybersecurity and Infrastructure Security Agency (CISA). 

The Department of Energy, US Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and FBI urged critical infrastructure operators to upgrade the security of these devices and networks in a joint cyber security advisory notice. 

"The APT actors have developed custom-made tools for targeting ICS/SCADA devices," the multiple US agencies said in an alert. "The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network." the notice said. 

One of the cyber security firms involved, Mandiant, said in a report that the tools’ functionality was “consistent with the malware used in Russia’s prior physical attacks” though it acknowledged that the evidence linking it to Moscow is “largely circumstantial”.

This warning states that certain advanced persistent threat actors have developed new custom tools that have the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:   

  • OMRON Sysmac NEX PLCs
  • Open Platform Communications Unified Architecture (OPC UA) servers.

The custom tools are designed to target programmable logic controllers from large companies such as Schneider Electric. CISA says the tools allow for "highly automated exploits" against targeted devices,  although CISA does say there is a low risk that the tools will lead to highly automated exploits against devices in the critical infrastructure sector being targeted. 

The agencies are urging organisations to "isolate ICS/SCADA systems and networks from corporate and Internet networks using strong perimeter controls, and limit any communications entering or leaving ICS/SCADA perimeters."  They also recommend using multi-factor authentication for remote access to ICS networks and devices, to change all passwords to them regularly, and remove all default passwords.   

Security firm Dragos, which specialises in ICS, has named one of the new custom tools 'Pipedream' and say this is the seventh such ICS specific malware they have seen. Dragos has traced the tool back to an advanced persistent threat actor called Chevronite. Mandiant has named the malware INCONTROLLER after working with Schneider Electric to analyse it.

The government agencies are urging critical infrastructure organisations, particularly those in the energy sector, to put in place recommended detection and mitigation processes, including using strong perimeter controls to isolate ICS and SCADA system and networks from corporate and Internet networks and limit communications entering or leaving those perimeters. They also recommend using multifactor authentication for remote access to ICS networks and devices.

Along with isolating ICS and SCADA systems and leveraging multifactor authentication, the US agencies also are recommending such steps as having a cyber-incident plan in place. Also, they advise users to change all passwords and use strong passwords, maintain backups, implementing strong log collection and retention from ICS and SCADA systems and ensuring that applications are installed only when necessary for operation. 

CISA:    Reuters:      InfoSec Today:     Guardian:     Oodaloop:     ZDNet:     The Register:   The Hackers News:

You Might Also Read:   

Operating Technology Security Issues Are Increasing:
 

« Pegasus Spyware Used To Target British Prime Minister
The Vital Importance Of Pen Testing »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Coalfire

Coalfire

Coalfire specialises in cyber risk management and compliance. Our services span the cybersecurity lifecycle from advisory and compliance, to testing and engineering, monitoring and optimization.

Institute for National Security and Counterterrorism (INSCT)

Institute for National Security and Counterterrorism (INSCT)

INSCT is a center for the study of national security, international security, and counterterrorism. Research programs include New Frontiers in Science, Cyber, & Technology

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

Bit4id

Bit4id

Bit4id provides technologies for electronic signature, online authentication, cybersecurity and all other services based on the concept of digital identity.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Awen Collective

Awen Collective

Awen Collective develops software-based tools for performing Digital Forensics, Incident Response and Cyber-Crime Investigation.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

Thoma Bravo

Thoma Bravo

Thoma Bravo is a leading private equity firm with a 40+ year history and a focus on investing in software and technology companies.

ENSCO

ENSCO

The ENSCO group of companies provides engineering, science and advanced technology solutions that guarantee mission success, safety and security to governments and private industries worldwide.

Palitronica

Palitronica

Palitronica build cutting-edge hardware and breakthrough software that revolutionizes how we defend critical infrastructure and key resources.

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.

Keeran Networks

Keeran Networks

Established in Edmonton in 1999, Keeran specializes in delivering comprehensive IT support and solutions aimed at optimizing technology investments for businesses.