A U.S.-based power plant was hit with a malware attack thanks to an infected USB stick used for software updates.
The incident was revealed in a new report from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The power plant contacted CERT after discovering a virus in a turbine control system that impacted about 10 computers on its control system network, and affected operations for about three weeks.
The USB drive in question was used to back up control system configurations. However, when the technician - who was not aware of the malware - inserted the USB stick into a computer with antivirus software, it picked up on at least three incidents of malware.
The incident is reminiscent of Stuxnet, a virus reportedly deployed by the U.S. and Israeli governments in order to slow the spread of Iran's nuclear program.