
Attackers planting banking Trojans in industrial systems

SCADA insecurity not just about Stuxnet

Trend Micro researcher Kyle Wilhoit says the latest attacks on SCADA and industrial control networks are turning out to carry rather pedestrian banking Trojans, and have been on the rise since October 2014.

Talking to DarkReading, Wilhoit said that rather than mounting Stuxnet-style attacks, ne'er-do-wells are dropping banking Trojans into these networks, disguised as updates to SCADA software.

So far, the DarkReading piece says, he's seen the attack software disguised as Siemens' Simatic WinCC, GE Cimplicity, and Advantech device drivers.

Rising numbers of attacks on SCADA environments in recent years have put sysadmins on edge. Apart from the nation-state-level Stuxnet, there's been a growing number of bugs identified in SCADA software.

Apart from generic bugs like Heartbleed and Poodle, which are inherited via popular libraries the vendors deploy, industrial systems also suffer from all-too-common problems like hard-coded passwords and remote-access bugs. The SCADA-specific Havex and BlackEnergy attacks also grabbed headlines in 2014.

That makes the banking Trojan more unexpected, Wilhoit said, adding: “The ultimate end goal here is probably not industrialised espionage, but to get banking credentials”.

That, of course, assumes that there are industrial controllers whose owners allow operators to use them as bank login points.

Wilhoit adds that many industrial control systems use Windows as the human interface platform, and users in those environments don't seem particularly diligent at running anti-virus and other security software.

He notes that a successful crimeware attack on a Windows-based industrial controller would be catastrophic even if it didn't make a steel plant explode: if, for example, someone deployed a Cryptolocker-based attack against the control system, it would be rendered unusable.

“HMI systems are very finicky, so it doesn't take much to make these things fall over. Financial information could be stolen, but what if an [HMI] box drops inadvertently?” Wilhoit added.

He will be detailing his findings at Miami's S4 ICS/SCADA conference next week. ®

 
