Thursday, January 3, 2013

DHS ICS-CERT reports malware on power control systems

Happy 2013!

OK, enough frivolity. Let's turn down the Nat King Cole, step out from under the mistletoe, and get down to brass tacks.

First, in case that compound acronym is new to you, it stands for: the Industrial Control System - Computer Emergency Readiness Team, and it lives in the US Department of Homeland Defense.

This organization just issued a public quarterly report that describes, at a high level, a recent incident at a power generation company you'll be interested in. I'll get out of the way and let you read the first bits for yourself:

ICS-CERT recently provided onsite support at a power generation facility where both common and sophisticated malware had been discovered in the industrial control system environment. The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive’s operation.

The employee routinely used this USB drive for backing up control systems configurations within the control environment. When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits. Initial analysis caused particular concern when one sample was linked to known sophisticated malware.

Following analysis and at the request of the customer, an onsite team was deployed to their facility where the infection occurred. ICS-CERT’s onsite discussions with company personnel revealed a handful of machines that likely had contact with the tainted USB drive. These machines were examined immediately and drive images were taken for in-depth analysis.

ICS-CERT also performed preliminary onsite analysis of those machines and discovered signs of the sophisticated malware on two engineering workstations, both critical to the operation of the control environment. Detailed analysis was conducted as these workstations had no backups, and an ineffective or failed cleanup would have significantly impaired their operations.

The full article can be seen HERE.


Unknown said...

This has been ongoing for some time now, in many venues. What most would like to know is, what type of power generating plant was it? Nuclear, fossil fuel, gas...?

Andy Bochman said...

You might want to approach ICS-CERT with your question, and if they like and trust you, you might get an answer. Good luck!

Caloundra Bookkeeping said...

Malware is really becoming sophisticated nowadays. If it was not investigated, it might not have been discovered. IT's should not be confident all the time and complacent.