Device Hardening and Continuous Compliance MonitoringCONTINUOUS COMPLIANCE

Researchers at the industrial cybersecurity firm Dragos have found that thousands of industrial facilities have their systems infected with common malware every year.

As part of a project termed MIMICS (Malware in Modern ICS), Dragos has identified 30,000 samples of malicious ICS files and installers from 2003 to 2017. Non-targeted infections containing viruses like Sivis, Ramnit and Virut are the most common, followed by Trojans that can provide threat actors access to Internet-facing environments.

The analysis found that 3,000 unique industrial sites are hit by traditional, non-targeted malware each year. While these incidents may not be as severe as targeted attacks, they can cause liability issues and downtime to operations, which in turn increases financial costs.

Dragos’ research also found that targeted ICS attack are not as rare as we once thought. The security firmed spotted a dozen intrusions involving ICS-themed malware, but only three strains of malware are currently known to specifically target ICS systems- Stuxnet, Havex, and BlackEnergy.

These threats target operators and engineers masquerading as legitimate ICS software. One ICS-themed malware that caught Dragos’ attention has been disguised as software for Siemens programmable logic controls (PLCs). The crimeware has been submitted to public malware databases ten times since 2013 and March 2017. The samples were originally identified by anti-virus as false positives and later as a basic piece of malware.

Another key finding of this study is related to operational security (OPSEC). Researchers found that public malware databases oftentimes contain authentic ICS Software components that have been inaccurately flagged as malicious. What this ultimately means is hackers have the ability to download the software files and leverage access to them for their own knowledge and practice. It’s important that we keep legitimate software out of the hands of cyber criminals as this will help increase the time it takes for them to target our IT environments.

It’s important that the industrial sector abide by the NERC CIP Compliance standards, and with NNT we can make achieving, proving and remaining NERC CIP Compliant a breeze. NNT solutions can help address all CIP Standards, meeting requirements of CIP-002,CIP-003,CIP-004,CIP-005, CIP-006,CIP-007,CIP-008,CIP-009,CIP-010 and CIP-011.

 

Read this article on SecurityWeek

 

 

 

 

 

 

NNT Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email[email protected]
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email[email protected]
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.