ICS-CERT reports virus infections at US electricity suppliers

In its current ICS-CERT Monitor, the US Computer Emergency Response Team (US-CERT) reported two virus infections at US electricity suppliers in the last quarter of 2012. In both cases, industrial control systems were infected via USB sticks. Among other things, the malware caused a multi-week outage of a power plant.

In the first case presented, an employee who routinely maintained control systems found that the USB stick he used for that purpose did not seem to function properly. When IT staff, called in to help, tested the drive on a computer with up-to-date antivirus software, three viruses were reported immediately. One of the finds is said to have been strongly reminiscent of an already “known sophisticated malicious software”. The description matches the worm Stuxnet, which sabotaged industrial drilling operations in Iran, including an electric utility in the province of Hormozgan. Which malware it actually was, however, the report does not reveal. The affected power producer ultimately reported the incident to the Industrial Control System-CERT (ICS-CERT) of the US-CERT, which removed the malicious software from the engineer's computer, which was also affected. This rescue was particularly tricky because no backups existed and the potential exposure of the systems would “significantly affect” the operation.

In the second case, machines in a power plant were infected via the USB flash drive of an external employee who allegedly did not know about the malware. The ICS-CERT speaks in this case of “crimeware” that interfered with the equipment. It took more than three weeks before the power plant could go online again.

The ICS-CERT has for a long time been examining more closely how vulnerable industrial facilities are to Internet attacks. Among other things, the current “Monitor” refers to the long-running “Project Shine”, which uses the freely accessible search engine Shodan to count unsecured devices with SCADA and other control systems. The researchers have already found more than 500,000 potentially vulnerable devices that are accessible over the network. Through more detailed investigation, they were able to narrow the number in the United States down to 7,200 vulnerable machines. More than 100 other countries in which the project detected vulnerable devices have received warnings from “Project Shine”.