USB drives responsible for infecting two US power plants with malware

[Shawn Knight]

The latest quarterly report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reveals that control systems at two different power plants in the US were found infected with malware last year. The organization didn’t name which plants were hit and there is no indication if any equipment damage or personal injuries occurred as a result of the infections.

The attacks were spread using traditional USB drives that were plugged into critical power generation equipment. In fact, one of the infections was discovered after an employee had trouble with a USB port and called IT for assistance. The IT employee ran an updated virus scan on the system and found three positive hits. One sample was reportedly linked to known sophisticated malware.

Judging by wording in the article, it doesn’t sound like the control systems use any antivirus software at all. The ICS-CERT noted that while the implementation of an antivirus solution presents some challenges in a control system environment, it could have been effective in identifying both the common and the sophisticated malware.

Furthermore, the control workstation wasn’t using any sort of backup solution which meant that if things had taken a turn for the worse, it would have taken a very long time to clean up the system and restore it to its intended state.

The newsletter says the other infection spread to 10 different computers responsible for controlling a turbine system. The report notes that the infection resulted in downtime for the impacted systems, which in turn delayed the plant restart by about three weeks.

Permalink to story.

https://www.techspot.com/news/51365-usb-drives-responsible-for-infecting-two-us-power-plants-with-malware.html

 

[amstech]

It's not the people using the guns, its the guns fault.
Its not the people using the flash drives, its the flash drives fault.
Lets put more rules/laws on them, that will fix it!!

:rolleyes'
The pussification of this country is starting to hit an all time high.

 

[treetops]

Well a simple rule of having any anti virus software as opposed to nothing would have helped.

 

[DelJo63]

The USB insert / mount issue is exactly like the '80s shared floppy infection.
This is why it is necessary to disallow AUTORUN on all mountable devices, which will give you the
opportunity to scan the newly mounted media before launching the autorun or setup.exe.

 

[Guest]

They should have been using Macs.

 

[Guest]

They don't know " Autorun Eater from Old McDonald’s Farm" !!!

 

[Guest]

They should have been using Macs.

Or any available linux OS that's what all Mac OSs' are just stolen linux OSs'
And they are free!!!!!!!!

 

[Guest]

Unix, not Linux silly. A BSD flavor built on top of a MACH kernel and POSIX compliant with a highly advanced user-friendly GUI. I chuckle at all the Windows users who think they are somehow using a more "power user" OS in Windows and that OS X is a "toy". The UNIX underlying OS X is far more hardcore and wonderfully accessible. Just start Terminal and BASH away.Disease free.

 

[Guest]

What I have to wonder is why any critical system (security, infrastructure, etc) isn't on a close internal network without Internet access. The best trojan in the world is useless without an external network connection.

And possibly with the USB sockets disabled/removed too.

 

[DelJo63]

Managing removable media AND all of the BYOD (Bring Your Own Device; eg smartphones) to work is a major commercial issue.
We all know just how utilitarian these are, but they all present RISK to the Infrastructure. Even Windows/7 added a feature NAP(Network Access Protection) to verify that remote devices accessing the Infrastructure are 'reasonably safe'.
If you google for 3rd party tools which provide USB device management and control, you will see major efforts have been made to close the doors for all forms of mounted device control (ie CDs, DVDs, Thumbdrives are all mounted).

Unix (and the Linux look alikes) have had this issue bolted down for decades with the FSTAB options of ro,noexec,nosuid,
(read-only, no executables, no super-user-id).