Slashdot Mirror


Forget Stuxnet: Banking Trojans Attacking Power Plants

New submitter PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

2 of 34 comments

  1. Are they after Diebold? by 140Mandak262Jamuna · Score: 3, Informative
    Diebold is the ATM maker with near-monopoly market share. They also make voting machines. There were lots of conspiracy theories from the left that there are backdoors and secret keys that could be used to remotely steal an election. Mostly based on tenuous facts, like the top managers of Diebold donated (caution: pun ahead) liberally to conservatives. So they might believe there are secret backdoors to all Diebold machines, including ATMs.

    There are lots of stories of how bad Diebold is in upgrades and that most ATMs are running on WinXP and how they can be made to dispense cash with remote exploits. Though it all requires physical access to the USB ports inside the machine first.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Are they after Diebold? by 140Mandak262Jamuna · Score: 4, Informative

      Bribe the low-paid worker who services the machine to plug in a USB fob for a few minutes, unplug the device and walk away. There were some ATM machines where if you use a coat hanger to snag the edge of the plastic cover and pull, you could expose a USB port under the screen. Once the malware is uploaded into the machine, then it can be made to remotely dispense cash. Again they recruit low-paid mules to actually pick up the cash.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact