Hackers Up the Ante in Attack on Electronic Data in Power Plants and Other Facilities
According to the Wall Street Journal (WSJ), computer hackers have designed a virus that targets the industrial control systems, to include power plants, built by German engineering giant Siemens AG. The virus apparently activates a kind of malicious software that analysts say represents a growing corporate-espionage threat. This type of threat has been talked about for years — and it is now a reality.
The virus, Stuxnet, is spread by USB devices plugged into the physically unsecured USB ports on the machine(s) hosting the SCADA systems used by power plants and other types of facilities. The virus is programmed to steal data from computer systems that are used to monitor power plants built for anything from manufacturing to power generation to water treatment.
Researchers analyzing the virus say that they are now seeing several thousand infection attempts daily, though the virus is only activated if it lands on a computer running the Siemens systems software. Analysts warn that the attack on the Siemens’s systems marks an escalation in hackers’ efforts to use viruses for industrial espionage or sabotage purposes. This attack will surely make the NERC CIP regulations become even tighter more quickly than before this story broke.
Smaller, more isolated virus attacks have been attempted before on SCADA systems, but this is the first such infection where a virus is searching specifically for SCADA systems to attack on such a large-scale basis. The worry among security analysts should be that such viruses will, at some point, be used by criminal organizations or even terror groups to sabotage power plants.
The Stuxnet virus specifically exploits an unpatched vulnerability in the Microsoft Windows operating system, allowing it to spread through all USB devices. Once the virus has infected the Siemens system, it uses default passwords that are hard-coded into the Siemens software to upload false control-system data to a remote server. In an advisory that Siemens posted on its website, the company said Microsoft was working on a patch to fix the vulnerability at the USB interface. In its own website advisory, Microsoft has provided a workaround fix to offer some additional protection until a patch, or update, is ready.
Siemens said it expects to approve the updated virus scanners this week and also plans to provide customers with a diagnostic tool to check if their systems have been infected. In the meantime, the company’s website advisory urges customers not to use any USB storage sticks.
Siemens, Microsoft and other security analysts haven’t determined where the virus originated. Many of the infection attempts have originated from India, Indonesia and Iran. The virus likely was created in Asia, given the pattern of attacks and technology used.
James Holler is founder of Abidance Consulting.