Researchers at the industrial cybersecurity firm Dragos have found that thousands of industrial facilities have their systems infected with common malware every year.

As part of a project termed MIMICS (Malware in Modern ICS), Dragos has identified 30,000 samples of malicious ICS files and installers from 2003 to 2017. Non-targeted infections containing viruses like Sivis, Ramnit and Virut are the most common, followed by Trojans that can provide threat actors access to Internet-facing environments.

The analysis found that 3,000 unique industrial sites are hit by traditional, non-targeted malware each year. While these incidents may not be as severe as targeted attacks, they can cause liability issues and downtime to operations, which in turn increases financial costs.

Dragos’ research also found that targeted ICS attack are not as rare as we once thought. The security firmed spotted a dozen intrusions involving ICS-themed malware, but only three strains of malware are currently known to specifically target ICS systems- Stuxnet, Havex, and BlackEnergy.

These threats target operators and engineers masquerading as legitimate ICS software. One ICS-themed malware that caught Dragos’ attention has been disguised as software for Siemens programmable logic controls (PLCs). The crimeware has been submitted to public malware databases ten times since 2013 and March 2017. The samples were originally identified by anti-virus as false positives and later as a basic piece of malware.

Another key finding of this study is related to operational security (OPSEC). Researchers found that public malware databases oftentimes contain authentic ICS Software components that have been inaccurately flagged as malicious. What this ultimately means is hackers have the ability to download the software files and leverage access to them for their own knowledge and practice. It’s important that we keep legitimate software out of the hands of cyber criminals as this will help increase the time it takes for them to target our IT environments.

It’s important that the industrial sector abide by the NERC CIP Compliance standards, and with NNT we can make achieving, proving and remaining NERC CIP Compliant a breeze. NNT solutions can help address all CIP Standards, meeting requirements of CIP-002,CIP-003,CIP-004,CIP-005, CIP-006,CIP-007,CIP-008,CIP-009,CIP-010 and CIP-011.


Read this article on SecurityWeek







NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.