US Warns of Cyberthreat to Specific Industrial Machines

April 14, 2022
The malware specifically looks for some models of Schneider Electric and OMRON PLCs.

A new joint Cybersecurity Advisory (CSA) from the United States government issued on Wednesday warns that advanced persistent threat (APT) actors (read: cybercriminals) have developed a way to gain full system access to multiple industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices, targeting specific models of programmable logic controllers (PLCs) manufactured by Schneider Electric and OMRON.

Industrial cybersecurity firm Dragos is among the organizations that contributed to the CSA. "The initial targeting appears to be liquid natural gas and electric community specific," says Robert M. Lee, CEO at Dragos. "However, the nature of the malware is that it works in a wide variety of industrial controllers and systems. The malware initially targets Schneider Electric and Omron controllers, however there are not vulnerabilities specific to those product lines."

Specific Cyberthreats to Specific Industrial Machinery
According to the CSA, cybercriminals have developed custom-made tools to specifically target the machines in question. Once the machines are compromised, the cybercriminals can upload malicious code, modify device parameters, and back up device contents.

Practical concerns for the Schneider Electric devices in question include losing the ability to connect your network to the PLCs; severed connections that force re-connects requiring credentials, which the cybercriminals may then steal; and PLCs crashing outright until they are restarted and recovery operations are completed.

For OMRON devices, cybercriminals may install hostile software to further enable new attacks; back up and restore files to and from the PLC; and outright issue commands to the PLC to manipulate files and capture data.

Cybercriminals have also developed a tool to exploit a known vulnerability in a specific ASRock-signed motherboard driver. The tool adds malicious code to Windows systems, opening the door for cybercriminals to move into general computer networks and wreak havoc in IT or OT environments.

Finally, the CSA cites fresh vulnerabilities for servers running Open Platform Communications Unified Architecture (OPC UA).

Enact Point Defense Early
The CSA includes numerous strategies to mitigate risk before cybercriminals have a chance to attack the industrial systems in question, including the usual advice on multifactor authentication, changing passwords often and making them strong, and closely monitoring any machines cited as being under particular threat. The CSA also provides a plentiful list of more advanced preventative actions for IT professionals.

"Attackers need an initial point of compromise to gain access to the industrial control systems involved, and organizations should build their defenses accordingly," adds Erlin. "The joint advisory recommends isolating affected systems, as well as employing endpoint detection, configuration and integrity monitoring, and log analysis. This isn't a matter of simply applying a patch."

Note: This article appeared in IndustryWeek, an Endeavor Business Media brand.
