Search here...
SUBSCRIBE
Security

Threat actors have new tools for attacking ICS, SCADA devices, say US cyber agencies

Share post:

Howard Solomon
Howard Solomon
1 min.
American cyber intelligence agencies are warning that unnamed advanced threat actors now have the ability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. The alert issued Wednesday by the U.S. Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA), the NSA and the FBI is particularly aimed at energy providers. But it also applies to any organization that uses ICS and SCADA devices. The alert says the threat groups have the capability to access a number of devices but particularly:
  • Schneider Electric programmable logic controllers (PLCs);
  • OMRON Sysmac NEX PLCs;
  • Open Platform Communications Unified Architecture (OPC UA) servers.
The threat actors have developed custom-made tools for targeting ICS/SCADA devices., the alert says. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. In addition, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions, the report emphasizes. It urges critical infrastructure organizations to implement the detection and mitigation recommendations provided in the report to detect potential malicious activity and harden their ICS/SCADA devices. Those mitigations include:
  • isolating ICS/SCADA systems and networks from corporate and internet networks using strong perimeter controls, and limit any communications entering or leaving ICS/SCADA perimeters;
  • enforcing multifactor authentication for all remote access to ICS networks and devices whenever possible.
Models at risk
The Schneider Electric MODICON and MODICON Nano PLCs at risk include the TM251, TM241, M258, M238, LMC058, and LMC078 models. The OMRON Sysmac NJ and NX PLCs at risk include the NEX NX1P2, NX-SL3300, NX-ECC203, NJ501-1300, S8VK, and R88D-1SN10F-ECT models. The post Threat actors have new tools for attacking ICS, SCADA devices, say US cyber agencies first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Mobility

Microsoft reveals critical security flaw affecting Android apps

Microsoft has identified a serious vulnerability in Android apps that could allow malicious software to hijack legitimate apps...
Infrastructure

Chinese government websites “Riddled with security flaws” say researchers

A recent study conducted by researchers from the Harbin Institute of Technology reveals significant security issues plaguing Chinese...
Podcasts

Cyber Security Today, May 3, 2024 – North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breaches

This episode reports on warnings about threats from China, Russia and North Korea, the hack of Dropbox Sign's infrastructure
Podcasts

Hashtag Trending for World Password Day, Thursday, May 2nd, 2024

Security firm Okta warns of an unprecendented password stuffing attack that is piggybacking on regular user’s mobile and...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways

Subscribe Now

Tech News Day is a daily publication featuring key news stories about technology and how it affects businesses.

Most Popular Categories
Tech News Delivered

New, Relevant Tech Stories. Our selection is done by industry professionals - executives like you who pick the top stories for that day. Our writers summarize them to give you the key takeaways

Subscribe