Washington, DC
The ECS-CERT today announced that they had discovered a new
cybersecurity worm that specifically targets safety control systems. The newly
discovered UNSICHER worm was discovered during an ECS-CERT investigation of a
control system incident at a chemical plant in the mid-west, according to Immanuel
C. Securitage, an ECS-CERT spokesman.
Securitage reported that an ECS-CERT team was called to the
facility when the safety systems started shutting down chemical manufacturing
systems operating under safe conditions. The investigators quickly isolated the
malware. Working with Robotron, the company that sells the SicherheitsKontrolle
safety control system, ECS-CERT was able to identify how the isolated safety
system was infected.
Erich Mielke, the Robotron spokesman, explained that the SicherheitsKontrolle
was a completely air-gapped safety system. Technicians from the company are the
only ones that are able to connect to the system as they are the only ones that
have both the physical and software keys to access the firewire port on the
system that is used for installing updates and patches.
Securitage reported that apparently the Robotron technician
that installed the latest update had picked up the worm on his laptop when he
plugged into an airport charging port in route to install the latest update. UNSICHER
was found both on the technician’s laptop and all of the Robotron systems that
he updated on that particular trip.
When the SicherheitsKontrolle system is infected, Mielke
explained, it attempted to establish a communication link between one of the
Robotron PLCs connected to the safety system using the wireless communications
link Robotron uses to allow wireless connections to sensors used in the
process. Once the connection link between the normally isolated safety system
and the facility control system is made, the worm tries to establish a
communications link to a command and control computer under the control of the
attacker.
Securitage suggested that anyone using the Robotron PLCs as
part of a safety system lock-out the wireless ports by setting the DIP switches
provided for that purpose as the UNSICHER worm is able to bypass the software
locks on those ports.
ECS-CERT reports that there was no physical damage caused at
the facility where the worm was discovered, but that the company suffered
almost $1 million in losses due to lost production and rework disposal costs.
No comments:
Post a Comment