Two power plants in the US were affected by
malware attacks in 2012, a security authority has said.
In its latest quarterly newsletter, the US Industrial Control
Systems Cyber Emergency Response Team (ICS-CERT) said "common and
sophisticated" attacks had taken place.
Malware had infected each plant's system
after being inadvertently brought in on a USB stick, it said.
The ICS-CERT said it expected a rise in the
number of similar attacks.
Malware can typically used by cyber-attackers
to gain remote access to systems, or to steal data.
In the newsletter, authorities said:
"The malware was discovered when an employee asked company IT staff to
inspect his USB drive after experiencing intermittent issues with the drive's
operation.
"The employee routinely used this USB
drive for backing up control systems configurations within the control
environment."
And at a separate facility, more malware was
found.
"A third-party technician used a
USB-drive to upload software updates during a scheduled outage for equipment
upgrades," the report said.
"Unknown to the technician, the
USB-drive was infected with crimeware.
"The infection resulted in downtime for
the impacted systems and delayed the plant restart by approximately three
weeks."
Physical effects
The authority did not go into explicit
details regarding the malware itself, but did stress that the use of removable
media had to be reviewed and tightened.
"Such practices will mitigate many
issues that could lead to extended system downtime," it said.
"Defence-in-depth strategies are also
essential in planning control system networks and in providing protections to
reduce the risk of impacts from cyber-events."
In recent years, power plants have been the target
of increasingly destructive malware and viruses - a bridge between damage in a
digital sense, such as data loss of theft, and actual physical infrastructure.
In 2010, the Stuxnet virus was said to have
damaged critical parts of Iran's nuclear infrastructure.
Security firm Symantec research said it
believed Stuxnet had been designed to hit motors controlling centrifuges and
thus disrupt the creation of uranium fuel pellets.
A UN weapons inspector later said he believed
the attack had set back Iran's nuclear programme.
No country has claimed responsibility for the
attack, but a New York Times report last year, written by the author
of a book on the attacks, pointed the finger at the US.
Journalist David E Sanger wrote that the US had acted
with the co-operation of Israel. [BBC Tech]
You can follow me on Twitter, add me to your
circles on Google+ or Subscribe to
me on FaceBook or YouTube. You can also
check my Website and Blog to keep yourself
updated with what is happening in the ever changing world of technology
No comments:
Post a Comment