Recently, the US Cybersecurity and Infrastructure Agency and other government agencies issued a joint advisory stating that this advanced malware can affect a type of device known as a programmable logic controller, manufactured by Schneider Electric and OMRON Corp.
OMRON has not yet responded to this incident. Meanwhile, a spokesperson for Schneider confirmed it has been working with US officials to protect against hackers, calling it “an example of a successful partnership to stop threats on the ground to critical infrastructure before they happen”.
Programmable logic controllers (PLCs) are embedded in a large number of factories, and any interference with their operation has the potential to cause harm, from shutdown to power failure to chemical leaks, equipment failure or even explosion.
The public alert from the Department of Energy and Homeland Security, the FBI and the National Security Agency did not name the actors or provide details about the finding. However, the CEO of one of the cybersecurity companies involved in the effort, Robert M. Lee of Dragos, said that they have a high degree of confidence that the malware was developed by a state organization and configured to initially target electric power and liquefied natural gas (LNG) sites in North America.
Lee also did not explain how the malware was discovered, other than saying it was caught “before an attack was carried out”. “We were really one step ahead of the competition. None of us wanted those subjects to understand where they went wrong,” Lee said. It’s the “Big Win”.
Programmable logic controllers (PLCs) are common in many industries, from gas to food plants, but Robert Lee, chief executive officer of cybersecurity firm Dragos, the company that helped uncover this malware, said the hackers’ targets were liquefied natural gas (LNG) and power facilities.
The software, dubbed Pipedream by industry-focused security experts at cybersecurity firm Dragos, makes real the long-held worst fears of cybersecurity professionals. Some have even compared it to Stuxnet, which the United States and Israel used more than a decade ago to damage equipment used in Iran’s nuclear program.
Investigators say the software program is used in equipment found in virtually all complex industrial plants. Although the government’s warning was vague and did not specify which hackers were behind the malware, it has caused concern throughout the energy industry in the US.
The malware is likely Russian, and its prime target is probably liquefied natural gas (LNG) production facilities, according to US private cybersecurity experts. “This is going to take years to recover,” said Sergio Caltagirone, vice president of threat intelligence at Dragos and former global technical lead at the National Security Agency.
In its warning, the US Cybersecurity Agency also called on critical infrastructure organizations, “especially energy sector organizations”, to urgently implement a series of recommendations to prevent and detect a cyber weapon called Pipedream. The agencies have also urged the energy and other industries to install monitoring programs and require multi-factor authentication for remote logins, among other steps.
“The tools have a modular architecture that allows network actors to perform highly automated mining operations against targeted devices,” said advisor Sergio Caltagirone.
The Pipedream malware system can be understood as a “toolbox” containing various hacking tools, said Sergio Caltagirone. Each component provides a different way to subvert conventional controls, giving hackers multiple options to launch attacks.
For example, Caltagirone says that one of the tools in Pipedream would allow attackers to damage a Schneider Electric PLC in a way that would require it to be completely replaced.
“Due to existing challenges in the supply chain, it may take longer to obtain a replacement controller after such an attack,” Caltagirone said. “This means a natural gas liquefaction facility may not work for months.”
Dragos says the malware is probably aimed at liquefied natural gas plants, as its most detailed attack methods appear to target specific devices that would be on site in such establishments. Liquefied natural gas, including from the United States, is increasingly serving as a substitute for Russian oil and gas imports that the European Union has pledged to cut as a result of the invasion.