A Trojan Horse malware program has reportedly “penetrated the software” that runs much of the nation’s critical infrastructure. According to an official ICS-CERT bulletin, the program successfully compromised numerous industrial control system (ICS) environments using a variant of the BlackEnergy malware.
“Analysis indicates that this campaign has been ongoing since at least 2011. Multiple companies working with ICS-CERT have identified the malware on Internet-connected human-machine interfaces (HMIs),” the bulletin reads.
“At this time, ICS-CERT has not identified any attempts to damage, modify, or otherwise disrupt the victim systems’ control processes. ICS-CERT has not been able to verify if the intruders expanded access beyond the compromised HMI into the remainder of the underlying control system.”
Nevertheless, notes the bulletin, typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment.
Jack Cloherty and Pierre Thomas of ABC News confirm the hacked software is used to control a number of complex industrial operations including oil and gas pipelines, power transmission grids, water distribution and filtration systems, as well as wind turbines.
“The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone. The software allows information sharing and collaborative control,” Cloherty and Thomas reported. “Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.”
According to Michael Mehlberg, Senior Director of Business Development for Government Solutions at the Cryptography Research division of Rambus, the recent BlackEnergy revelations underscore the need for developers and systems integrators to design more secure national networks from the ground up.
“Protecting critical national systems from sophisticated cyber adversaries clearly requires a hardware-based security approach. As we are witnessing with BlackEnergy, a software-centric strategy to securing our national infrastructure is simply insufficient,” Mehlberg added.
“To avoid potentially dangerous scenarios prompted by interruption of services, system designers should make building strong hardware-based security a primary design goal, rather than depending on frequent patches that are typically issued too little, too late.”