Michigan Utility, German Nuclear Plant Infected with Malware

A nuclear power plant in Germany and an electric utility in Michigan were both recently hit with malware infections.

The system used to monitor fuel rods at the Gundremmingen nuclear power plant, about 75 miles from Munich, was recently found to be infected with several viruses including W32.Ramnit and Conficker. However, the infected system wasn't connected to the Internet, Ars Technica reports.

Still, Carl Wright, executive vice president and general manager at TrapX Security, told eSecurity Planet by email that a system that isn't connected to the Internet may still be at risk. "TrapX Labs has found malware in several client sites that has jumped the gap into isolated or secure environments, which is often the case with complex process control systems and SCADA networks," he said.

"In one case, a service technician loaded new software from his trusted laptop and accidentally introduced attacker tools," Wright added. "In a second case, the use of USB memory introduced the threats. In a third, malware jumped the gap between a secure and insecure environment by accidentally connecting one laptop to both in a sensitive agency, and the resulting policy violation opened up the entire classified network."

Separately, Lansing, Michigan's Board of Water & Light (BWL) was recently infected with ransomware when an employee clicked on a link in a phishing email. In response, the company shut down its accounting system as well as 250 employees' email access and several phone lines, Network World reports.

Still, the utility told the Lansing State Journal that all customer account data remains secure. "It's a mess for us internally, but it's not a mess for our customers," BWL general manager Dick Peffley said.

"In my time at the board of 40 years, I've never seen anything of this magnitude," Peffley told WLNS. "Our time keeping, phones, computers, printers, everything that it takes to do the administrative work that the BWL does right now is shut down."

Imperva director of security research Itsik Mantin told eSecurity Planet by email that ransomware by its nature doesn't present a direct threat to critical infrastructure systems. "The main risk ransomware presents for critical infrastructure systems is an accidental one," he said.

"Ransomware tends to corrupt all the data it finds, both locally on the infected machine and everywhere else on the network, regardless of whether the data is a picture of the user from his last vacation or a configuration file used by a critical system," Mantin added.

According to the results of a recent survey of 694 IT security practitioners in the U.S., 56 percent of respondents said their companies aren't equipped to deal with ransomware attacks.

The survey, conducted by the Ponemon Institute and sponsored by CounterTack, also found that 71 percent of respondents find their own endpoint security policies difficult to enforce.

Eighty percent of respondents said employees, not hackers, present the greatest threat to their company.

"Today, enterprises need to be vigilant in educating employees, enforcing security policies and securing all endpoints, if they have any hope of minimizing their risk associated with breaches," Ponemon Institute president Larry Ponemon said in a statement.