Slashdot Mirror

← Back to Stories (view on slashdot.org)

Forget Stuxnet: Banking Trojans Attacking Power Plants

Posted by Soulskill on from the subprime-malware-lending dept.

New submitter PLAR writes: Everyone's worried about the next Stuxnet sabotaging the power grid, but a security researcher says there's been a spike in traditional banking Trojan attacks against plant floor networks. The malware poses as legitimate ICS/SCADA software updates from Siemens, GE and Advantech. Kyle Wilhoit, the researcher who discovered the attacks, says the attackers appear to be after credentials and other financial information, so it looks like pure cybercrime, not nation-state activity.

3 of 34 comments (clear)

  1. pure cybercrime, not nation-state by fustakrakich · · Score: 4, Interesting

    How do you distinguish the two?

    --
    “He’s not deformed, he’s just drunk!”
  2. Re:Are they after Diebold? by Anonymous Coward · · Score: 2, Interesting

    Actually, the money is in a safe behind a combination lock. The computery bits are often behind a single, 4 pin tumbler lock. If you're ballsy to take the time to pick a lock in a high traffic area with 2-3 cameras pointed at you, then you could easily pull this off. If you're in a hurry, I bet you could find a bump key that would work too.

  3. Why aren't these networks air gapped? by ErichTheRed · · Score: 3, Interesting

    SCADA and the like are the worst things to have available on an accessible network. Vendors never update their software, everything's insecure by default, etc.

    I've worked in environments like this, and some of the equipment is just not possible to secure without leaving it on its own network. It makes maintenance a nightmare -- sneakernetting patches, software updates, AV signatures, etc. I know an air gap isn't a guarantee of security, but it at least prevents dumb things like drive by downloads on someone's computer affecting production equipment.

    Working with vendors of some of this stuff is equally bad...most of them deny a problem exists. And even if they acknowledge a problem, they won't lift a finger to fix it because they just have to say it's secure if installed as per our instructions. I've seen lots of software for control systems, etc. with 15 or 20 year old software libraries gluing everything together. (Using the 15 year old version now, I mean.) The vendor knows they're one of a handful of firms providing stuff like this, and they know that companies don't care about information security anyway. (One example of this from outside of the manufacturing industry -- I was integrating a very specific peripheral for a customer, and the vendor absolutely refused to digitally sign the Windows drivers, rendering it nearly impossible to install on 64-bit Windows. A lot of people might say "that's what you get with closed source," but open source libraries and other code have their problems as well.