ICS-CERT: Two U.S. Power Plants Infected With Malware
In both cases, the malware was delivered on a USB drive.
According to a recent ICS-CERT report, significant malware infections were discovered at two U.S. power companies.
"In one instance ... malware was discovered after a power generation plant employee asked IT staff to look into a malfunctioning USB drive he used to back up control systems configurations," writes Threatpost's Anne Saita. "A scan with updated antivirus software turned up three instances of malware, two common and one considered sophisticated. That discovery prompted a more thorough on-site inspection that revealed 'a handful of machines that likely had contact with the tainted USB drive.'"
"The ICS-CERT said that cleaning up the workstations required particular delicacy because no backups existed, and because a potential 'failed cleanup would have significantly impaired their operations,'" The H Security reports.
"Another similar situation occurred in October 2012, when a power company reached out to ICS-CERT after detecting a virus infection in a turbine control system," writes Softpedia's Eduard Kovacs. "A total of 10 computers were found to be infected, resulting in a downtime that delayed the plant restart by 3 weeks. The malware spread through the organization’s networks via an infected USB drive used by a technician for software updates."
"ICS-CERT continues to emphasize that owners and operators of critical infrastructure should develop and implement baseline security policies for maintaining up-to-date antivirus definitions, managing system patching, and governing the use of removable media," the ICS-CERT report states. "Such practices will mitigate many issues that could lead to extended system downtimes."