Feds: Malware Focusing on ICS

Thursday, June 26, 2014 @ 10:06 AM gHale


Malware targeting industrial control systems (ICSs) is being distributed via compromised ICS vendor web sites, according to a report from ICS-CERT.

On the compromised vendor web sites, the downloadable software installers for the vendors' products were infected with a backdoor Trojan known as the Havex Trojan, according to the researchers. Customers of these vendors who visited a compromised site, then downloaded and installed the Trojanized software, could end up compromised. This could give attackers access to their networks, including those that operate critical infrastructure.

In addition, ICS-CERT is conducting analysis to determine possible linkages between this activity and previous watering-hole compromises and malware campaigns. ICS-CERT will provide updates as they become available.

ICS-CERT has also posted a TLP Amber report regarding this activity to the control systems compartment of the US-CERT secure portal.

This report came from an independent organization and provides technical details and analysis of the malware.

ICS-CERT is analyzing the research and coordinating with partners to:
• Evaluate the install/deployment base of the reported affected vendors
• Provide additional indicators of compromise
• Identify any affected entities in the US
• Reach out to the compromised ICS vendors and offer assistance in identifying those customers that may have visited the web site and downloaded the Trojan

ICS-CERT is currently coordinating with the vendors and security researchers to identify mitigations.


