In a case that bears strong similarities to the highly publicized Stuxnet attack on Iran, two US power plants have suffered the same fate, becoming infected with malware via USB sticks, according to the Department of Homeland Security.
In one of the two cases, both of which occurred last year, it’s believed that a technician working for an outside contractor unwittingly introduced malware designed to steal personal information after using his own USB stick. The incident led to the power plant being taken offline for three weeks before the virus could be eliminated.
“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits. Initial analysis caused particular concern when one sample was linked to known sophisticated malware,” said the DHS Computer Readiness Emergency Team (ICS-CERT) in its report.
Researchers say that the malware was later discovered on two engineering workstations that perform critical tasks relating to the control of the power station. Because neither of these stations had any effective backup, the power plant was taken offline for three weeks.
ICS-CERT also says that a second power plant was infected by a similar method, only this time the virus is believed to have been more sophisticated. It said that this infection led to ten computers in a turbine control system becoming infected.
Researchers didn’t reveal too much about the nature of the malware, but they stressed that the two incidents highlighted the need for better controls over the use of removable media in critical installations like power plants.
“ICS-CERT continues to emphasize that owners and operators of critical infrastructure should develop and implement baseline security policies for maintaining up-to-date antivirus definitions, managing system patching, and governing the use of removable media,” said the report.
“Such practices will mitigate many issues that could lead to extended system downtimes.”
ICS-CERT warned that USB sticks are a notoriously simple but effective way for hackers to gain entry to critical industrial installations, saying that it expected further such incidents to take place in future. The use of USB sticks as a means of entry was highlighted last year, when it was revealed that both the Stuxnet worm and the Flame malware had infected Iranian nuclear facilities in the same way.