Twin US-based Power Organizations Contracted Malware –ICS-CERT
The United States ICS-CERT has reported that highly-sensitive control systems within dual plants for power generation in USA had become contaminated with malicious software.
The contaminations disseminated when infected USB sticks were attached to the critical systems that regulated power generation machines, reported a newsletter from the organization. There was, however, no mention about the plants' proprietors while it was clueless whether the contaminations caused damages alternatively machine failures.
Meanwhile, it was when an employee encountered a USB stick problem for which he had to ask for IT staff's assistance that one computer contamination out of the two came to light, said the report.
Consequently, a scan was performed that showed 3 malware incidences of which 2 were ordinary while the other was sophisticated.
The finding reportedly, led to an increasingly detailed inspection, which disclosed that probably the infected USB stick came in direct contact with a few workstations, comprising 2 of thirteen computer systems linked with critical equipments.
The report continued that thorough study was initiated since the 2 computer systems were devoid of any backup, while if the cleanup didn't turn out successful then the computers' operations would been considerably weakened.
Further, given that an anti-virus activation might've undergone certain challenges within an environment which was heavily controlled, still an effective detection of both the ordinary as well as the sophisticated malicious programs could have gotten obtained.
Meanwhile, during another instance, a power organization, during October 2012, reported to ICS-CERT about one virus contamination inside its turbine control computer that, said ICS-CERT, spread to ten more PCs.
Actually, one outside technician plugged one USB stick for installing software updates for the power machines when the malware attacked to spread infection that subsequently took 3 extra weeks to restart the plant.
Vice-President Scott Greaux for Product Management & Services at PhishMe an anti-phishing firm stated that the above incidences indicated that a few people kept thinking they weren't in danger thus allowing unfettered compromises. The particular mentality was causing still further vulnerability. Significantly therefore, organizations couldn't stay complacent regarding the training and controls they maintained, Greaux contended. Csoonline.com published this dated January 14, 2013.
Related article: Twin Trojans Use PowerPoint Flaw To Spread
» SPAMfighter News - 21-01-2013