PIPEDREAM Malware: Understanding and Mitigating the Threat

The last year has brought unprecedented attention to the cybersecurity risks facing operational technology and industrial control systems. CISA’s new alert on APT Cyber Tools Targeting ICS/SCADA Devices adds even more urgency to the conversation, bringing to light a suite of tools called PIPEDREAM that could be used to execute attacks on oil and gas facilities, the electrical grid, and other critical infrastructure assets.

PIPEDREAM provides a set of tools designed to compromise commonly used industrial control devices and facilitate a wide range of actions, including the manipulation of physical processes within industrial facilities. Devices vulnerable to PIPEDREAM attacks include Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. Devices from other manufacturers and in other device categories are likely to be vulnerable as well.

The full scope of the threat is not yet known. However, PIPEDREAM represents a significant escalation in efforts to compromise and attack critical infrastructure. A few key takeaways from the CISA alert are immediately clear.

OT-specific malware is a growing threat

To date, most attacks against critical infrastructure operations (the Colonial Pipeline attack, for example) have been aimed at IT networks, using the same tools and tactics that might be used against endpoints and servers in any other IT environment. But that may soon change.

PIPEDREAM is among a small but growing number of tools created specifically with OT networks and assets in mind. With capabilities designed to exploit the unique vulnerabilities and functionality of PLCs and other operational technology devices, PIPEDREAM demonstrates a growing interest among threat actors in disrupting physical processes and doing real-world damage.

Attacking OT and ICS will get easier

The lower levels of OT networks have traditionally been out of reach for the average threat actor, because accessing and manipulating them required specialized skills. And while (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Mission Secure. Read the original post at: https://www.missionsecure.com/blog/pipedream-malware-understanding-and-mitigating-the-threat