US warns of malware that can take control of critical infrastructure systems

Leigh Mc Gowran, 14 April 2022 at 07:16, Silicon Republic


US government agencies issued a joint warning yesterday (13 April) that certain hackers have created “custom-made tools” to target multiple industrial control systems (ICS), which can give them “full system access”.

The Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and the FBI did not identify the threat actors in their joint advisory warning. However, cybersecurity firms that contributed to the warning believe some of the malware discovered is linked to Russia.

The agencies urged critical infrastructure organisations, particularly those involved in energy, to take measures such as multifactor authentication and consistent password changes to protect their control systems.

Some of the devices that could be affected include programmable logic controllers made by Schneider Electric and Omron. A Schneider spokesperson told Reuters it had worked with US officials and called it “an instance of successful collaboration to deter threats on critical infrastructure before they occur.”

New malware

Mandiant shared details of one ICS attack tool, which it named Incontroller. The cybersecurity firm said it represents “an exceptionally rare and dangerous cyberattack capability” and compared it to malware such as Triton, Industroyer and Stuxnet.

Industroyer was used at the end of 2016 to bring down Ukrenergo, an energy provider in Ukraine, and cut power in the country. A modified variant was used in a cyberattack last week that targeted Ukraine’s electrical grid.

Mandiant said that Incontroller is “very likely” to be state-sponsored given its complexity and its “limited utility in financially motivated operations”. The cybersecurity firm said it couldn’t connect the malware with a known group, but said its activity is “consistent with Russia’s historical interest in ICS”.

“While our evidence connecting Incontroller to Russia is largely circumstantial, we note it given Russia’s history of destructive cyberattacks, its current invasion of Ukraine, and related threats against Europe and North America,” Mandiant said in its report.

Another cybersecurity firm, Dragos, released a report on a “modular ICS attack framework” called Pipedream, which it said was created by a threat group called Chernovite.

“While Chernovite is specifically targeting Schneider Electric and Omron PLCs, there could be other modules targeting other vendors as well, and Pipedream’s functionality could work across hundreds of different controllers,” Dragos said in its report.

This is not the first time the US has issued warnings around potential cyberattacks. Last month, US president Joe Biden warned companies operating in the country to bolster their cybersecurity efforts as “evolving intelligence” suggested that Russia was planning cyberattacks on the US.

In a joint advisory the week before, the FBI and CISA warned organisations to be on alert and bolster their multifactor authentication security after revealing details of how state-sponsored hackers in Russia were able to gain access to an unnamed NGO’s network.

Earlier that same month, three US cybersecurity companies – Cloudflare, CrowdStrike and Ping Identity – joined hands to offer many of their products and services to US critical infrastructure organisations for free, in anticipation of potential cyberattacks emanating from Moscow.

While Ukraine has borne the brunt of cyberattacks from Russia in recent months, the US hasn’t been spared its share of threats. Bloomberg reported in early March that more than 100 employees of almost two dozen natural gas companies in the US were found to have been hacked by Russian actors in mid-February, just before Russia began its invasion of Ukraine.
