Slashdot Mirror


Forget Stuxnet: Banking Trojans Attacking Power Plants

New submitter PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

3 of 34 comments

  1. Re:Are they after Diebold? by Firethorn · Score: 4, Insightful

    Though it all requires physical access to the USB ports inside the machine first.

    The ones protected by armor plate? That's a bit like complaining that safes aren't safe because they can be drilled.

    Not only do you need to know how to do the hack, you have to know where to drill and how far.

    If they're showing up with that much invested in it they're getting the money out of the ATM/Safe no matter what.

    --
    I don't read AC A human right
  2. Re:pure cybercrime, not nation-state by Anonymous Coward · Score: 3, Insightful

    The cybercriminals target your wallet, while the nation-state targets you.

  3. Inconceivable! by nurbles · Score: 5, Insightful

    Any company that has a SCADA system that is allowed to automatically install any sort of update needs new management. I write software for industrial SCADA systems (many of them nuclear, but some not) and absolutely NONE of them have any form of automatic update enabled. That goes for the operating system platform; even anti-virus packages (when they are used) must be manually updated after the update has been tested in a sandbox lab system. Even a well-intentioned update may disrupt a SCADA system's operation, so why would anyone in their right mind allow a SCADA system or the operating system it runs on, or any other software running on the same machine, automatically update itself? Sorry, but that's just insane. At best, SCADA systems should have a one-way data flow (preferably on a serial link with the receive line physically CUT) but none of them should accept input from outside their physically controlled environments.

    Except for toys and things like that.