Investigators find no up-to-date antivirus, system backups for control systems.
Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team.
Both infections were spread by USB drives that were plugged into critical systems used to control power generation equipment, according to the organization’s newsletter for October, November, and December of 2012. The authors didn’t identify the owners of the facilities and there’s no indication the infections resulted in injuries or equipment failures.
The incidents were reported earlier by Threatpost, and they are the latest to underscore the vulnerabilities posed by so-called supervisory control and data acquisition (SCADA) systems that aren’t properly secured. SCADA and industrial control systems use computers to flip switches, turn dials, and manipulate other controls inside dams, power-generation plants, and other critical infrastructure. Computer malware that infects those systems can pose a threat by giving remote attackers the ability to sabotage sensitive equipment. Last year, a backdoor in a widely used piece of industrial software allowed hackers to illegally access a New Jersey company’s internal heating and air-conditioning system.
According to one of the articles in the newsletter, one of the infections was discovered after an employee experienced problems with the USB drive and called in IT staff to troubleshoot.
“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” the newsletter reported. “Initial analysis caused particular concern when one sample was linked to known sophisticated malware.”
Based on the article, it’s not clear if the control system workstations use any form of antivirus protection.