New Industrial Control System Security Threat

The U.S. government’s Cybersecurity and Infrastructure Security Agency issues a new alert about attacks targeting ICS/SCADA devices.

If you are reading this, you are most likely a user of industrial control systems (ICS) to run your production operations, or at least these technologies are key components of the machines you use to produce goods. That is why you need to be aware of the latest alert from the Cybersecurity and Infrastructure Security Agency (CISA) about cybersecurity tools targeting ICS/SCADA devices.

According to the alert, “The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices, including:

  • Schneider Electric programmable logic controllers (PLCs),
  • OMRON Sysmac NEX PLCs,
  • Open Platform Communications Unified Architecture (OPC UA) servers.

The APT actors have developed custom-made tools for targeting ICS/SCADA devices. The tools enable them to scan for, compromise, and control affected devices once they have established initial access to the operational technology (OT) network. Additionally, the actors can compromise Windows-based engineering workstations, which may be present in information technology (IT) or OT environments, using an exploit that compromises an ASRock motherboard driver with known vulnerabilities. By compromising and maintaining full system access to ICS/SCADA devices, APT actors could elevate privileges, move laterally within an OT environment, and disrupt critical devices or functions.”

While this alert is primarily aimed at critical infrastructure organizations (for example, power generation), the technologies listed in the alert are widely used across industry verticals. Therefore, companies of all types could be affected. As seen a few years ago with the WannaCry and NotPetya attacks, the fact that an attack has a specific operational target does not protect companies or verticals outside that target from being hit.

A key aspect of this alert is that it highlights three specific steps users can take to help prevent these latest attacks (see the information in the box in the upper-right corner of the alert).

Eric Byres, CISA ICS advisor and chief technology officer of the ICS software cybersecurity company aDolus Technology, says, “This is a classic case of why we need better supply chain transparency and analytics if we want to secure our critical infrastructure from nation states. Many of the underlying issues aren't in the software Schneider's engineers created, it is in the third-party code supplied by a German company called CoDeSys Group. They provide CoDeSys Runtime, a framework designed for executing industrial control system software. According to information that used to be [on the] CoDeSys website in 2019 (now removed), the CoDeSys Runtime product has been used in more than 350 devices from dozens of different OT vendors, and is widely used in the energy sector, industrial manufacturing, and Internet of Things systems.”

Eric Byres, CISA ICS advisor and chief technology officer, at aDolus Technology.

This might lead industrial users to believe that, if they use Schneider software, they should look for vulnerabilities assigned to Schneider products in the National Vulnerability Database. But Byres says companies that do so “won't find [them because] the vulnerabilities are all listed as CoDeSys issues. For example, CVE-2022-22519 makes no mention of a single affected product.”

Byres adds that the CISA alert hints it is “just the tip of the iceberg” in its statement that: “This capability may work against other CoDeSys-based devices depending on individual design and function, and this report will be updated as more information becomes available.”

“There are thousands of industrial facilities across the nation who believe they have dodged the bullet because they don't use Schneider or Omron products. They haven't dodged anything—they are just sitting ducks to these nation-state attackers,” he says.
