Researchers at the industrial cybersecurity firm Dragos have found that thousands of industrial facilities have their systems infected with common malware every year.
As part of a project termed MIMICS (Malware in Modern ICS), Dragos has identified 30,000 samples of malicious ICS files and installers from 2003 to 2017. Non-targeted infections containing viruses like Sivis, Ramnit and Virut are the most common, followed by Trojans that can provide threat actors access to Internet-facing environments.
The analysis found that 3,000 unique industrial sites are hit by traditional, non-targeted malware each year. While these incidents may not be as severe as targeted attacks, they can cause liability issues and downtime to operations, which in turn increases financial costs.
Dragos’ research also found that targeted ICS attack are not as rare as we once thought. The security firmed spotted a dozen intrusions involving ICS-themed malware, but only three strains of malware are currently known to specifically target ICS systems- Stuxnet, Havex, and BlackEnergy.
These threats target operators and engineers masquerading as legitimate ICS software. One ICS-themed malware that caught Dragos’ attention has been disguised as software for Siemens programmable logic controls (PLCs). The crimeware has been submitted to public malware databases ten times since 2013 and March 2017. The samples were originally identified by anti-virus as false positives and later as a basic piece of malware.
Another key finding of this study is related to operational security (OPSEC). Researchers found that public malware databases oftentimes contain authentic ICS Software components that have been inaccurately flagged as malicious. What this ultimately means is hackers have the ability to download the software files and leverage access to them for their own knowledge and practice. It’s important that we keep legitimate software out of the hands of cyber criminals as this will help increase the time it takes for them to target our IT environments.
It’s important that the industrial sector abide by the NERC CIP Compliance standards, and with NNT we can make achieving, proving and remaining NERC CIP Compliant a breeze. NNT solutions can help address all CIP Standards, meeting requirements of CIP-002,CIP-003,CIP-004,CIP-005, CIP-006,CIP-007,CIP-008,CIP-009,CIP-010 and CIP-011.
Read this article on SecurityWeek