Researchers at the industrial cybersecurity firm Dragos have found that thousands of industrial facilities have their systems infected with common malware every year.

As part of a project termed MIMICS (Malware in Modern ICS), Dragos has identified 30,000 samples of malicious ICS files and installers from 2003 to 2017. Non-targeted infections containing viruses like Sivis, Ramnit and Virut are the most common, followed by Trojans that can provide threat actors access to Internet-facing environments.

The analysis found that 3,000 unique industrial sites are hit by traditional, non-targeted malware each year. While these incidents may not be as severe as targeted attacks, they can cause liability issues and downtime to operations, which in turn increases financial costs.

Dragos’ research also found that targeted ICS attack are not as rare as we once thought. The security firmed spotted a dozen intrusions involving ICS-themed malware, but only three strains of malware are currently known to specifically target ICS systems- Stuxnet, Havex, and BlackEnergy.

These threats target operators and engineers masquerading as legitimate ICS software. One ICS-themed malware that caught Dragos’ attention has been disguised as software for Siemens programmable logic controls (PLCs). The crimeware has been submitted to public malware databases ten times since 2013 and March 2017. The samples were originally identified by anti-virus as false positives and later as a basic piece of malware.

Another key finding of this study is related to operational security (OPSEC). Researchers found that public malware databases oftentimes contain authentic ICS Software components that have been inaccurately flagged as malicious. What this ultimately means is hackers have the ability to download the software files and leverage access to them for their own knowledge and practice. It’s important that we keep legitimate software out of the hands of cyber criminals as this will help increase the time it takes for them to target our IT environments.

It’s important that the industrial sector abide by the NERC CIP Compliance standards, and with NNT we can make achieving, proving and remaining NERC CIP Compliant a breeze. NNT solutions can help address all CIP Standards, meeting requirements of CIP-002,CIP-003,CIP-004,CIP-005, CIP-006,CIP-007,CIP-008,CIP-009,CIP-010 and CIP-011.


Read this article on SecurityWeek







The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.