Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Malware 'disguised as Siemens software drills into 10 industrial plants'

Four years of active infection, claims security biz Dragos

Malware posing as legitimate software for Siemens control gear has apparently infected industrial equipment worldwide over the past four years.

The cyber-nasty is packaged as software to be installed on Siemens programmable logic controllers (PLC), we're told. At least 10 industrial plants – seven in the US – were found running the infected software, a study by industrial cybersecurity firm Dragos claims.

According to the Maryland-based biz, this particular malware was specifically thrown at industrial control equipment. Exactly what it does, or did, is not explained, although it is described as "crimeware". Dragos CEO Robert Lee writes:

Starting in 2013, there were submissions from an ICS environment in the US for Siemens programmable logic controller control software. The various anti-virus vendors were flagging it as a false positive initially, and then eventually a basic piece of malware. Upon our inspection, we found ... variations of this file and Siemens theme 10 times over the last four years, with the most recent flagging of this malicious software being this month in 2017.

In short, there has been an active infection for the last four years of an adversary attempting to compromise industrial environments by theming their malware to look like Siemens control software. The malware is simply crimeware but has seemingly been effective.

This malware is separate to common-or-garden adware and bank-raiding Trojans that find their way onto PCs. Dragos conservatively estimates that 3,000 industrial sites a year are infected by traditional cyber-pests. These infections were largely opportunistic Trojans – such as Sivis, Ramnit, and Virut – brought in by staff using infected USB sticks.

Dragos revealed its findings during a keynote at the SANS ICS Security Summit in Orlando, Florida.

Edgard Capdevielle, chief exec at industrial control security specialists Nozomi Networks, said: "That ICS themed malware exists is not surprising, but it is concerning. The reality is that ICS networks today face all the same security challenges as every other IT network, but lack similar security options.

"Historically ICS was designed to be completely segregated and confined by physical boundaries. However, each new IP address punches another hole in the metaphorical wall that separates Information Technology (IT) and Operational Technology (OT). Having established IT connectivity, it's difficult to put the genie back in the bottle and each of these avenues is a potential point of weakness that can be compromised – by hackers burrowing in or malware (such as ransomware) detonating internally and then radiating out."

Andrew Cooke, head of cyber consulting at Airbus Defence and Space CyberSecurity, added: "Malware is prevalent in a wide range of industrial systems, often spread by an infected USB stick or by unauthorized remote access. But while the majority of malware found in these systems is low level, it can still pose a serious risk for the organizations concerned. Sophisticated attackers often use these methods to gain valuable intelligence about the way that a system is operated, configured and run." ®

Similar topics

TIP US OFF

Send us news


Other stories you might like