Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.

In a joint cybersecurity advisory issued by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI, a warning is given that unidentified hackers have created specialist malware that can cause major damage to industrial operations, and that the energy sector in particular should follow advice on how to defend and mitigate against the threat.

The advisory explains that custom-made tools have been created that target industrial control programmable logic controllers (PLCs) from OMRON and Schneider Electric, and servers from the open-source OPC Foundation.

As the advisory describes, the tools developed by the hackers enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network.

Furthermore, the attackers can exploit a vulnerability (CVE-2020-15368) in an ASRock motherboard driver to compromise Windows workstations used in IT or OT environments, helping them to move laterally through an organisation.

What does all this mean? It means that an adversary could disrupt, degrade, or even destroy control systems used in industrial environments, potentially sabotaging operations involving electric power and liquefied natural gas.

Security firm Dragos says it has been tracking the malware, which it has called “PIPEDREAM”, since early 2022.

The firm warns that “PIPEDREAM can affect a significant percentage of industrial assets worldwide.”

And it’s clear that the threat is serious, with the government’s warning – for instance – describing some of the ways in which the malware can impact Schneider PLCs:

  • Conduct a denial-of-service attack to prevent network communications from reaching the PLC
  • Sever connections, requiring users to re-authenticate