US plants hit by USB stick malware attack

Updated on: 2013-01-17 || Source: bbc.com

 

Two power plants in the US were affected by malware attacks in 2012, a security authority has said.

In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place.

Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said.

The ICS-CERT said it expected a rise in the number of similar attacks.

Malware can typically used by cyber-attackers to gain remote access to systems, or to steal data.

In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.

"The employee routinely used this USB drive for backing up control systems configurations within the control environment."

And at a separate facility, more malware was found.

"A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said.

"Unknown to the technician, the USB-drive was infected with crimeware.

"The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks."

Physical effects

The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened.

"Such practices will mitigate many issues that could lead to extended system downtime," it said.

"Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events."

In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure.

In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure.

Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets.

A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme.

No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US.

Journalist David E Sanger wrote that the US had acted with the co-operation of Israel.

News

Blackphone 2 'privacy' Android handset revamped
Security firm Silent Circle has revamped its smartphone that helps people manage personal data.
Chinese smartphones mount massive web attack
More than 650,000 Chinese smartphones have been unwittingly enrolled in a massive attack that overwhelmed a web
Hilton investigates hack claims
The Hilton hotel group has said it is investigating claims its US shops and gift stores may be the source of
Twitter website 'blocked' in Turkey
Twitter users in Turkey report that the social media site has been blocked in the country.

SIGN UP FOR NEWSLETTER

Sign up to received our free newsletter!
Name:
E-mail ID:

MOST READ

Views: 5120 Times
How to Create High Quality Metal 3D Text in Photoshop READ MORE
Views: 3114 Times
Apple,Samsung CEOs in U.S. court talks over patent row READ MORE
Views: 2791 Times
Virus could black out nearly 250,000 PCs READ MORE
Views: 5971 Times
How to remotely lock and wipe a lost Android phone READ MORE
Views: 7581 Times
How to Password Protect Files (Windows 7) READ MORE

Home|IT News|Computer Tips|Video Tutorials|Download Softwares|Subjects|Contact Us
Copyright © 2019. Jumbo Education (Information Technology). All rights reserved.
Free counter and web stats

Large Visitor Globe