U.S. Power Plant Hit by USB-Based Malware
A U.S.-based power plant was hit with a malware attack thanks to an infected USB stick used for software updates.
The incident was revealed in a new report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The power plant contacted CERT after discovering a virus in a turbine control system that impacted about 10 computers on its control system network, and affected operations for about three weeks.
The USB drive in question was used to back up control system configurations. However, when the technician - who was not aware of the malware - inserted the USB stick into a computer with antivirus software, it picked up on at least three incidents of malware.
The incident is reminiscent of Stuxnet, a virus reportedly deployed by the U.S. and Israeli governments in order to slow the spread of Iran's nuclear program.
StuartMWWho Is John Galt?Premium
Well you can be infected with a removable drive in
two three ways on a Windows based machine.
• Autorun (disable it!)
• An infected executable on the drive (A/V should catch that).
• An infected boot sector on the drive. While booting from a USB drive is possible it's probably not common in industrial applications.
I'd rather have stand-alone machines updated via a removable drive than have them all networked.
PS: Computer "oldies", like me, remember the days when viruses spread via floppies. Nothing really new here.
Don't feed trolls--it only makes them grow!
West Hartford, CT
Practicing safe hex makes this type of infection a longshot.
- A/V should scan all removable drives [no disabling/abort allowed].
- Autorun disabled
- Boot from USB disabled in [password protected] BIOS
You can still use a thumb drive for updates. Our A/V takes about 10 seconds to scan unless you're dumb enough to store several GB of iTunes or video on the same drive as your updates.
I guess I'm old. I have many not-so-fond memories of boot sector viruses and malicious macros on floppies that were actually floppy.
|reply to Cartel |
My question is what malware was found? If they don't answer, the default answer (almost) becomes
Iran's counter to Stuxnet. Let the cyberwar continue!