Feds: Malware Focusing on ICS

Thursday, June 26, 2014 @ 10:06 AM gHale

Malware targeting industrial control systems (ICSs) is being distributed via compromised ICS vendor web sites, according to a report with ICS-CERT.

The ICS vendor web sites had their products' downloadable software installers infected with a backdoor Trojan known as the Havex Trojan, according to the researchers. Customers of these vendors who visited a compromised site, then downloaded and installed the Trojanized software, could end up compromised. This could give attackers access to their networks, including those that operate critical infrastructure.

In addition, ICS-CERT is conducting analysis to determine possible linkages between this activity and previous watering-hole compromises and malware campaigns. ICS-CERT will provide updates as they become available.

ICS-CERT has also posted a TLP Amber report regarding this activity to the control systems compartment of the US-CERT secure portal.

This report came from an independent organization and provides technical details and analysis of the malware.

ICS-CERT is analyzing the research and coordinating with partners to:
• Evaluate the install/deployment base of the reported affected vendors
• Provide additional indicators of compromise
• Identify any affected entities in the US
• Reach out to the compromised ICS vendors and offer assistance in identifying those customers that may have visited the web site and downloaded the Trojan

ICS-CERT is currently coordinating with the vendors and security researchers to identify mitigations.
