USB Malware Attacks Put Power Plants at Risk According to ICS-CERT
by Brandy Cross
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently released its quarterly update, including some rather shocking news that U.S. power plants are under attack from USB malware. The attacks include both very sophisticated and very common malware and have not yet been attributed to a specific person or given a specific cause. U.S. power plant attacks have grown in number over the past few years, some resulting in actual plant downtime of three weeks or more as companies struggled to get their software back online.
USB Malware Attacks against U.S. Power Plants
The most recent USB malware attack against a U.S. power plant was discovered almost by accident. Reports by ICS-CERT claim that an employee was experiencing difficulty with his USB backup drive and so took it to be looked at by the company's IT staff. The malware on the USB drive was discovered and removed before the factory experienced any downtime, but the drive in question was actually used for backing up the plant's control systems. If the data on the external drive had been stolen, it could have caused problems for the power plant. IT professionals who scanned the USB drive for malware found 3 positive hits, including known sophisticated malware.
A more in-depth analysis was performed on company machines, and ICS-CERT discovered that multiple machines had been infected with the malware. They cleaned the computers while saving data, and the plant is still up and running.
2012 Malware Attacks on Power Plants
The ICS-CERT report also states that another USB malware attack on a U.S. power plant resulted in the shutdown of the plant for 3 weeks. Ten workstations were infected, causing the plant to shut down completely. The problem was cleaned up and the power plant returned to normal, but ICS-CERT claims that this is just the beginning of the attacks.
Many power plants currently have out-of-date anti-malware and antivirus systems, especially since most of them do not connect to the internet. Workstations are vulnerable to attacks, especially USB malware attacks. As with any computer, ICS-CERT recommends that safety precautions, including new antivirus systems, be implemented as part of factory safety. It also recommends that backups be made on write-once media such as CDs and DVDs, or that USB drives be cleaned before each re-use.
Another method of preventing the spread of USB malware would be to scan the USB drive before downloading data, and to use a separate USB drive for each computer or machine. In this way, factory owners could limit and prevent the spread of malware through their systems, even if a malware-infected USB stick were to get in.
USB Malware a Big Risk
USB malware attacks have been a big risk, especially in commercial organizations. While internet security risks are growing, many companies forget to include protection against physically borne viruses that aren’t affected by a firewall. Malware present on a USB drive can easily be downloaded onto any computer by an unwitting employee, especially if the computer's antivirus system is out of date or the computer has been told to ignore the USB drive.
As a safety precaution, anyone using a USB on a high priority computer should try scanning the drive before use, especially if they don’t know who has been handling it. Some USB malware can be downloaded via another computer to target specific files that are then loaded onto the computer, and will then infect other computers. For example, a backup USB drive could infect an entire string of computers if a backup has been made from a single infected drive.
Power plant (and other factory) USB malware attacks are expected to be on the rise, so companies and IT experts should watch out, expand their security, and practice safe USB usage to minimize malware threats.