Although attacks on industrial environments often with attacks by countries are linked, it would be here involve ordinary cybercriminals. "It's an interesting trend, traditional banking Trojans and no targeted attacks," Wilhoit as late versus Dark Reading know. According to the researcher criminals focus their sights on SCADA / ICS systems because they are unsafe.
Many HMI machines run on Windows and would not use a virus scanner or are not equipped with the latest signatures. Most malware Wilhoit encountered no problems would be detected by an up-to-date virus scanner. While targeted attacks are still at risk managers should also take into account normal "crimeware", as the consequences can be just as bad. HMI systems are very susceptible to interference. Infection by a banking Trojan can also just as easily get the system down.
Wilhoit saw in October for the first peak in the attacks, but does not know what the occasion is. The criminals behind the malware use spear phishing mails and drive-by downloads to infect computers. Fake websites are used on that instance, resemble those of Siemens and supposedly download a WinCC update, while it is actually malware. Wilhoit 32 recently discovered malware instances that occurred as WinCC software. Next week, the researcher during a conference SCADA give more details about his research.
No comments:
Post a Comment