Slashdot Mirror


Malware Infects US Power Facilities Through USB Drives

angry tapir writes "Two U.S. power companies have reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The publication (PDF) did not name the malware discovered. The tainted USB drive came in contact with a 'handful of machines' at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said."


  1. Scan the security cameras... by eksith · Score: 5, Insightful

    ...If they have them installed and actually recording. Find out which ones were inserting the USB drives in question, fire them and ban them from ever being hired at any infrastructure facilities. Train the remaining employees in security best practices and run random scans of any equipment they bring into the premises.

    More often than not security breaches are a result of an oversight, but far too often, it's laziness and incompetence.

    --
    If computers were people, I'd be a misanthrope.
    1. Re:Scan the security cameras... by aurispector · Score: 5, Funny

      Since Windows is the de facto standard and as such the bulk of malware is targeted at it. Pick any platform, make it the standard and the amount of malware written for it will explode.

      Nice rhymes BTW - that English degree is paying off for you!

      --
      I have mod points. The reign of terror begins now.
    2. Re:Scan the security cameras... by benjymouse · Score: 5, Insightful

      the solution is to not use vulnerable crap like windows for

      Right. So there would never be any risk when using Linux?

      http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html

      http://news.softpedia.com/news/Researcher-Demonstrates-USB-Autorun-Attack-on-Linux-183611.shtml

      http://linux.slashdot.org/story/11/02/07/1742246/usb-autorun-attacks-against-linux

      http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux

      You are stupid to think that any OS is free of such problems. Or you are just blind to facts because of Linux fanaticism.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  2. Re:Don't DEAL with problems, SOLVE them... by Anonymous Coward · Score: 5, Insightful

    3. Do not ALLOW any USB based access to any of the networked machines, ever. If at all, the USB drive needs to be connected to a Linux machine that does not auto-mount or run any auto-magic stuff. Then, any files that need to be sent to the server need to be quarantined prior to updating.

    The problem is the entire process of adding the software in the first place. The application should have been placed into a sterile test environment and proved out prior to ever being approved, then moved in a secure fashion to a staging environment for actual deployment. This whole thing reeks of massive violations of best practices, no matter what OS you happen to be using.

    For example: "ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use."
    Uh, yea NO SHIT. I work for an ISP and any code deployments which have to be done via USB, flash, or any other removable media MUST be done using company-owned media devices; that media is completely sterilized and staged in a pre-production environment prior to actual deployment. Anybody who let a contractor use his own equipment for such a deployment would be sacked without a second thought, and for this type of critical system we wouldn't rely on an outside contractor in the first place. Whoever is in charge of their practices and network/IT policies needs to be fired immediately and replaced by someone who is at least halfway competent.