
Two US power plants infected with malware spread via USB drive

ARS Technica – by Dan Goodin

Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team.

Both infections were spread by USB drives that were plugged into critical systems used to control power generation equipment, according to the organization’s newsletter for October, November, and December of 2012. The authors didn’t identify the owners of the facilities and there’s no indication the infections resulted in injuries or equipment failures.

The incidents were reported earlier by Threat Post, and they are the latest to underscore the vulnerabilities posed by so-called supervisory control and data acquisition systems that aren’t properly secured. SCADA and industrial control systems use computers to flip switches, turn dials, and manipulate other controls inside dams, power-generation plants, and other critical infrastructure. Computer malware that infects those systems can pose a threat by giving remote attackers the ability to sabotage sensitive equipment. Last year, a backdoor in a widely used piece of industrial software allowed hackers to illegally access a New Jersey company’s internal heating and air-conditioning system.

According to one of the articles in the newsletter, one of the infections was discovered after an employee experienced problems with the USB drive and called in IT staff to troubleshoot.

“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” the newsletter reported. “Initial analysis caused particular concern when one sample was linked to known sophisticated malware.”

Based on the article, it’s not clear if the control system workstations use any form of antivirus protection.

“While the implementation of an antivirus solution presents some challenges in a control system environment, it could have been effective in identifying both the common and the sophisticated malware discovered on the USB drive and the engineering workstations,” it said. The report also noted the workstations had no backup mechanism, so “an ineffective or failed cleanup would have significantly impaired their operations.”

The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and “resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks,” the article stated. It went on to encourage owners and operators of critical infrastructure to “develop and implement baseline security policies for maintaining up-to-date antivirus definitions, managing system patching, and governing the use of removable media.”

USB drives have remained the weak link in many industrial control systems, which often lack Internet connections to minimize exposure to malicious software. The Stuxnet worm and the Flame malware—both of which were reportedly developed by the US and Israel to attack and spy on critical systems in Iran—relied on USB drives to propagate attack code and to ferry intercepted communications over air-gapped networks. Microsoft has patched the vulnerabilities that made some of those attacks possible on Windows computers, but it’s not clear all users have installed them.
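The newsletter's closing advice (baseline policies for antivirus definitions, patching, and removable media) and the note that Microsoft has patched the autorun-era vulnerabilities both come down to settings an operator can verify on each engineering workstation. The script below is an added, read-only audit written for this page; it is not from the Ars Technica article, the ICS-CERT newsletter, or either plant. It assumes the workstation runs Windows (the article only implies this by pointing at Microsoft's patches), reads the standard Group Policy registry locations for AutoRun and removable-storage restrictions, and reports PASS or FAIL against thresholds that are this script's own choice, not the newsletter's.

```powershell
# Added audit script (not part of the original article or newsletter).
# Read-only: it reports whether the Windows policies that close the
# USB-drive infection path are set on this host and changes nothing.
# Registry paths are the standard Explorer and RemovableStorageDevices
# policy keys; the PASS thresholds are this script's assumptions.

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value absent: policy not configured
    }
}

$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$removableBase  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# {53f5630d-...} is the "Removable Disks" device class used by the
# Removable Storage Access policies (USB flash drives fall under it).
$removableDisks = "$removableBase\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
$usbstor        = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

$checks = @(
    @{ Control = 'AutoRun disabled for every drive type'
       Path = $explorerPolicy; Name = 'NoDriveTypeAutoRun'
       Test = { param($v) $v -eq 0xFF } },
    @{ Control = 'autorun.inf ignored entirely'
       Path = $explorerPolicy; Name = 'NoAutorun'
       Test = { param($v) $v -eq 1 } },
    @{ Control = 'Removable disks: execute access denied'
       Path = $removableDisks; Name = 'Deny_Execute'
       Test = { param($v) $v -eq 1 } },
    @{ Control = 'Removable disks: write access denied'
       Path = $removableDisks; Name = 'Deny_Write'
       Test = { param($v) $v -eq 1 } },
    @{ Control = 'All removable storage classes: all access denied'
       Path = $removableBase; Name = 'Deny_All'
       Test = { param($v) $v -eq 1 } },
    @{ Control = 'USB mass-storage driver disabled (Start = 4)'
       Path = $usbstor; Name = 'Start'
       Test = { param($v) $v -eq 4 } }
)

$results = foreach ($c in $checks) {
    $v = Get-RegValueOrNull -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Control = $c.Control
        Setting = "$($c.Name) = $(if ($null -eq $v) { '<not set>' } else { $v })"
        Status  = if ($null -ne $v -and (& $c.Test $v)) { 'PASS' } else { 'FAIL' }
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on each engineering workstation and on the IT machines used to triage suspect drives; the first incident in the newsletter was caught on exactly such a troubleshooting machine, so the policy has to reach those hosts too. Two caveats: a FAIL on the last two rows is a finding to review rather than a defect, since some sites legitimately need read access to removable disks and will rely on the per-class denies and antivirus instead; and none of these settings substitute for the up-to-date antivirus and backups the newsletter says the infected workstations lacked.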


2 Responses to Two US power plants infected with malware spread via USB drive

  1. NWO Hatr says:

    A healthy dose of penicillin ought to clear up that infection. 🙂

  2. pete says:

    on a more serious note,

    why the hell are they running Windows instead of Linux or BSD?
    and why the hell do they have USB ports on them?

    I know a guy who works in banking;
    all their machines have epoxy in the USB ports and the optical drives are disconnected to stop workers copying stuff onto or off of the machines.

    hell, Windows isn't even certified for use in such places.
    it's in the license agreement; it states it is not to be used for life-support or safety-critical systems.

    also, on a more general note,
    we keep hearing about so-called hacking threats to bring down critical infrastructure,
    power, water etc., by Iran or other groups.

    why are such systems even online?
    is it so the workers can sit at the console all day downloading porn and watching that cheap penis-enlarger on eBay that they want to win?
