
CISA Issues Warning About Malicious Tools Targeting ICS/SCADA Devices

The U.S. Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a joint advisory to warn about the rising cyberattacks on Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices. 

The development comes to light as federal agencies detected several custom tools that can allow APT groups to compromise and hijack devices. 

What does the advisory say?

  • The tools developed by threat actors can enable scanning, compromising, and controlling of affected ICS/SCADA devices. 
  • The advisory highlights that OPC Unified Architecture (OPC UA) servers and multiple versions of Programmable Logic Controllers (PLCs) from Schneider Electric and OMRON are vulnerable to attacks carried out with these custom tools. 
  • These tools have a modular architecture that can enable threat actors to conduct highly-automated exploits against targeted devices. 
  • In addition, one of these tools can be used to exploit a known vulnerability in the ASRock-signed motherboard driver (tracked as CVE-2020-15368) to execute malicious code in the Windows kernel.
  • By compromising and maintaining full system access to ICS/SCADA devices, APT actors can elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.

A new PIPEDREAM malware identified

  • To add more trouble, researchers at Dragos revealed details about a new Incontroller (PIPEDREAM) malware designed to target ICS and SCADA systems.
  • The malware accomplishes a far-reaching impact through a series of five components - EVILSCHOLAR, BADOMEN, DUSTTUNNEL, MOUSEHOLE, and LAZYCARGO. 
  • Associated with Chernovite, PIPEDREAM can manipulate a wide variety of PLC and industrial software. It can attack ubiquitous industrial technologies from the likes of CODESYS, Modbus, and OPC UA.

Conclusion

The federal agencies have recommended all organizations with ICS/SCADA devices implement proactive mitigation measures. These include isolating ICS and SCADA systems from the rest of the IT and OT networks, limiting access to specific management and engineering workstations, and monitoring systems to catch unusual activities.
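As an added example (not part of the advisory or this article), the check below turns the last two recommendations into detection logic over constructed flow records: any Modbus/TCP or OPC UA connection to a PLC subnet that does not come from an approved engineering workstation is flagged, and a single source reaching several OT devices is flagged as possible scanning, one of the capabilities the advisory attributes to the tools. The addresses, the allow-list and the port defaults (502 for Modbus/TCP, 4840 for OPC UA) are assumptions.

```python
"""Flag OT protocol traffic that bypasses the engineering-workstation allow-list.

Added example, not from the advisory or the article. Constructed flow
format: "<timestamp> <src_ip> <dst_ip> <dst_port> <firewall_action>".
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Standard default ports for the two protocols named in the article (assumed here).
OT_PORTS = {502: "Modbus/TCP", 4840: "OPC UA"}
# Hypothetical allow-list of engineering/management workstations.
ENGINEERING_WORKSTATIONS = {"10.10.5.20", "10.10.5.21"}
# Hypothetical subnet holding the PLCs and OPC UA servers.
OT_DEVICE_NET = ip_network("10.20.0.0/24")

# Constructed sample flows: an approved workstation, then an unapproved host
# that is allowed through the firewall and sweeps three PLCs over Modbus.
SAMPLE_FLOWS = """
2022-04-13T10:00:01 10.10.5.20 10.20.0.10 502 allow
2022-04-13T10:00:05 10.10.5.20 10.20.0.11 4840 allow
2022-04-13T10:01:10 10.30.7.44 10.20.0.10 502 allow
2022-04-13T10:01:11 10.30.7.44 10.20.0.11 502 allow
2022-04-13T10:01:12 10.30.7.44 10.20.0.12 502 allow
2022-04-13T10:02:00 10.30.7.44 10.20.0.12 443 allow
"""


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    proto: str
    reason: str


def audit_flows(lines, scan_threshold=3):
    """Return findings for unapproved OT access and for scan-like sweeps."""
    findings = []
    touched = {}  # source -> set of OT devices it reached on an OT port
    for line in lines:
        if not line.strip():
            continue
        _ts, src, dst, port, _action = line.split()
        port = int(port)
        if port not in OT_PORTS or ip_address(dst) not in OT_DEVICE_NET:
            continue  # not traffic to an OT device on an OT protocol port
        touched.setdefault(src, set()).add(dst)
        if src not in ENGINEERING_WORKSTATIONS:
            findings.append(Finding(src, dst, OT_PORTS[port], "unapproved source"))
    for src, devices in touched.items():
        if len(devices) >= scan_threshold:
            findings.append(Finding(src, "*", "any", f"contacted {len(devices)} OT devices (possible scanning)"))
    return findings


if __name__ == "__main__":
    for f in audit_flows(SAMPLE_FLOWS.splitlines()):
        print(f)
```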

Cyware Publisher