Grow Your Business and Join MarketWorld Marketplace and Create Your Own Store front

Sunday, December 22, 2024

HomeCyberSecurityDragos warns of novel malware targeting industrial control systems

Dragos warns of novel malware targeting industrial control systems

Dive Brief:

  • Dragos researchers warn a newly identified industrial control system-specific malware uses Modbus transmission control protocol communications to attack OT environments, in a report released Tuesday. Modbus is a “standard ICS protocol across all industrial sectors and organizations worldwide,” Dragos said.
  • Dragos researchers discovered binaries for the malware, dubbed FrostyGoop, in April. The malware poses a potentially wider risk to industrial systems globally, as the Modbus protocol is used in more than 46,000 systems worldwide, according to Dragos.
  • Researchers suspect the malware was used in a January attack against an energy company in Lviv, Ukraine, disrupting the heating supply to more than 600 apartment buildings in the city. The attackers gained entry to the municipal district energy company’s systems in April 2023 by exploiting a vulnerability in a Mikrotik router, deploying a webshell and later gaining access to user credentials, Dragos said. 

Dive Insight:

FrostyGoop is the ninth-ever malware to specifically target ICS systems, and the first that uses Modbus communications to attack OT environments, according to Dragos.

Pipedream, discovered in 2022, uses Modbus as one of its components for enumeration purposes. Pipedream is also known as Incontroller.

FrostyGoop is written in the Golang programming language and interacts with ICS systems using Modbus TCP over port 502, according to Dragos.

In the Ukraine attack, the hackers used Modbus commands to Enco controllers, which caused the system to have inaccurate measurements and system malfunctions, according to the report.

The malware poses potentially dangerous risk factors for anyone defending an ICS system. Antivirus software cannot currently detect FrostyGoop and because the malware is used to attack targets exposed to the public internet, a prior compromise is not required, according to Dragos. 

“These are devices that you or I can access, no problem, on the internet,” Magpie Graham, intel capability technical director at Dragos, said Friday in a media presentation.  


Source link

Bookmark (0)
Please login to bookmark Close
RELATED ARTICLES
- Advertisment -spot_img

Most Popular

Sponsored Business

- Advertisment -spot_img