Complicated malware targets US critical infrastructures
By MYBRANDBOOK
The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) are warning the US energy sector that certain APT (advanced persistent threat) threat actors have revealed the capability to gain full system access to multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices.
Several Schneider Electric MODICON and MODICON Nano PLCs (programmable logic controls), including TM251, TM241, M258, M238, LMC058 and LMC078, are impacted. The threat actor tool targeting those devices has modules that interact via normal management protocols and Modbus protocols, allowing attackers to:
· Rapidly scan a local network for all Schneider PLCs
· Brute-force PLCs passwords using CODESYS and other available device protocols against defaults or dictionary word list
· Conduct denial of service attack to prevent PLCs from being reached
· Interrupt connections, requiring users to re-authenticate on PLC, likely to facilitate the capture of valid credentials
· Crash the PLC until a power cycle and configuration recovery is conducted
· Send custom Modbus commands (which can also work against Modbus devices besides Schneider Electric PLCs)
The affected OMRON devices are OMRON Sysmac NJ and NX PLCs, including NEX NX1P2, NX-SL3300, NX-ECC203, NJ501-1300, S8VK and R88D-1SN10F-ECT. The threat actor tool targeting those devices have modules allowing attackers to:
· Scan for OMRON using the FINS (factory interface network service) protocol
· Parse HTTP response from OMRON devices
· Retrieve media access control (MAC) address of devices
· Poll for specific devices connected to PLCs
· Back-up/restore arbitrary files to/from PLCs
· Load a custom malicious agent on OMRON PLCs for additional attack operations (do file manipulations, make packet captures or execute code).
A report mentioned in the advisory, refers to a likely state-sponsored attacking tool dubbed Incontroller (aka Pipedream), built to target automation devices. Incontroller comprises three elements targeting all the devices reported in the security advisory. Each tool might be used separately, but it is also possible that all the tools would be used to attack a single environment.
Incontroller attack scenarios could lead to operational disruption of activities, leading to delayed production, financial losses and complex facility startup procedures; sabotage of industrial processes, resulting in defective products or malfunctioning machine behavior; physical destruction of the industrial machinery, impacting human safety and the environment and damage to equipment.
Pipedream malware is targeted to equipment in liquefied natural gas (LNG) and electric power environments, but could easily adapt and compromise and disrupt a broader set of targets. The joint advisory from US government agencies have suggested mitigations to this threat.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : RAJENDRA SINGH PAWAR
Rajendra Singh Pawar is the Executive Chairman and Co-Founder of NIIT ...
Icons Of India : NIKHIL RATHI
Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...
Icons Of India : AMIT CHADHA
Amit Chadha serves as the CEO and Managing Director of L&T Technology ...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
GSTN - Goods and Services Tax Network
GSTN provides shared IT infrastructure and service to both central and...
ITI - ITI Limited
ITI Limited is a leading provider of telecommunications equipment, sol...
Indian Tech Talent Excelling The Tech World - Sanjay Mehrotra, CEO- Micron Technology
Sanjay Mehrotra, the President and CEO of Micron Technology, is at the...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
Indian Tech Talent Excelling The Tech World - Rajiv Ramaswami, President & CEO, Nutanix Technologies
Rajiv Ramaswami, President and CEO of Nutanix, brings over 30 years of...