Joint alert warns that advanced hackers have developed tools to target industrial control systems

A yet-unnamed advanced persistent threat (APT) actor has developed tools to break into devices used in industrial control systems, federal agencies warned Wednesday, urging affected entities, especially the energy sector, to mitigate potential attacks.

“Certain advanced persistent threat actors have exhibited the capability to gain full system access to multiple industrial control system / supervisory control and data acquisition devices,” reads the alert, published Wednesday by the Cybersecurity and Infrastructure Security Agency in collaboration with the FBI, the National Security Agency, and the Department of Energy.

The specific devices include Schneider Electric and Omron programmable logic controllers, and Open Platform Communications Unified Architecture (OPC UA) servers.

These devices are a type of operational technology (OT), the kind Colonial Pipeline shut down “out of an abundance of caution” in May last year after a ransomware actor compromised its information technology systems.

The agencies state: “The APT actors have developed custom-made tools for targeting ICS / SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology or OT environments … By compromising and maintaining full system access to ICS / SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.”

Cutting the connection between the public internet and the targeted devices was the first mitigation the agencies urged.

“DOE, CISA, NSA, and the FBI recommend all organizations with ICS / SCADA devices … Isolate ICS / SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limit any communications entering or leaving ICS / SCADA perimeters,” they write.

Other mitigations include enforcing multi-factor authentication, changing all passwords to ICS / SCADA devices and systems on a consistent schedule, and maintaining known-good offline backups, with hashing and integrity checks on firmware and controller configuration files to confirm that those backups are still valid.
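The hashing and integrity check on backed-up firmware and controller configuration files can be done with a simple manifest. The script below is an added example (it is not code from the alert, the agencies, or any vendor) that builds a SHA-256 manifest over a backup directory and later reports files that were modified, removed, or added. The file names and contents are constructed for the demonstration; in practice the manifest itself would be written to separate, read-only or signed storage, since a hash list kept next to the backups can be rewritten by whoever tampers with them.

```python
"""SHA-256 manifest for offline ICS backups (added example, not from the alert)."""
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # read firmware images in 64 KiB chunks; they can be large


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, streamed so large firmware blobs are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_dir: Path) -> dict:
    """Map every file under backup_dir (path relative to it, POSIX form) to its hash."""
    manifest = {}
    for path in sorted(backup_dir.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(backup_dir).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(backup_dir: Path, manifest: dict) -> dict:
    """Re-hash the directory and classify every discrepancy against the stored manifest.

    modified:   present in both, but the hash differs (tampered or corrupted backup)
    missing:    listed in the manifest but no longer on disk
    unexpected: on disk but never recorded (something was dropped into the backup set)
    """
    current = build_manifest(backup_dir)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: snapshot a backup set, then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        (backup / "plc").mkdir()
        # Constructed sample files standing in for a controller project and a firmware image.
        (backup / "plc" / "plc_project.bin").write_bytes(b"\x00\x01\x02 constructed PLC project image")
        (backup / "plc" / "controller_firmware.bin").write_bytes(b"constructed firmware blob")
        manifest = build_manifest(backup)  # would be stored on separate, read-only media

        # Simulate what an attacker with write access to the backups could do:
        (backup / "plc" / "plc_project.bin").write_bytes(b"\x00\x01\x03 altered project")
        (backup / "plc" / "controller_firmware.bin").unlink()
        (backup / "plc" / "extra_module.bin").write_bytes(b"file never recorded")

        return verify_manifest(backup, manifest)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

A clean verification returns three empty lists; anything else means the backup should not be trusted for recovery until the discrepancy is explained. Hashing alone does not tell you which copy is the good one, so the manifest is only as trustworthy as the medium it is stored on.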

The alert indicates that the advanced attackers built the tools for wider use, offering a menu of attack options to less sophisticated hackers.

“The APT actors’ tools have a modular architecture and enable cyber actors to conduct highly automated exploits against targeted devices. The tools have a virtual console with a command interface that mirrors the interface of the targeted ICS / SCADA device. Modules interact with targeted devices, enabling operations by lower-skilled cyber actors to emulate higher-skilled actor capabilities,” according to the alert.

Robert Lee, CEO of Dragos, an industrial cybersecurity company that worked with the Department of Energy on the alert and shared its analysis of the malware (which it calls PIPEDREAM), praised the agencies’ efforts alongside those of private-sector partners including Schneider Electric, Microsoft, Mandiant, and Palo Alto Networks, all credited in the alert.

“PIPEDREAM is the seventh known ICS-specific malware. It is highly capable and deserves attention,” he wrote on Twitter. “To my knowledge, this is the first time an industrial cyber capability has been found before it was deployed for its intended effect. This capability is designed to be disruptive/destructive in nature, and it is a real step ahead of the adversary.”
