
Irongate malware: What are the risks to industrial control systems?

FireEye recently discovered a new type of malware called Irongate, which has exhibited some of the same characteristics as Stuxnet in targeted attacks on industrial control systems. What are the Stuxnet traits exhibited by the Irongate malware, and what are the risks to enterprises?

All malware has some similarities with Stuxnet. Stuxnet was designed and targeted at very specific supervisory control and data acquisition (SCADA) systems in Iran for very specific reasons. It was a sophisticated piece of malware when it came out, but it shared much of its functionality with other malware, including an initial infection method and a dropper. FireEye discovered Irongate while searching VirusTotal, a free malware scanner, for files that use PyInstaller. The Irongate developers have made advances in their malware's anti-analysis functionality compared to Stuxnet, which only checks for antivirus software. Because Irongate was identified through secondary analysis of VirusTotal data rather than by investigating compromised systems, it is difficult to establish the full extent of the malware's functionality and of any attack. It is, however, a good use of a community data repository.

Like Stuxnet, Irongate attacks ICSs: it looks for a specific process to infect and replaces dynamic link libraries (DLLs) to manipulate that process. Enterprises with ICS or SCADA systems need to continue maintaining the security of their environments and to implement new security controls after risk assessments are performed. As FireEye stated, the risk to enterprises is minimal, since Irongate appears to be proof-of-concept malware that does not perform malicious actions. Enterprises with Siemens control systems should contact Siemens to find out whether their systems are vulnerable to Irongate, because neither FireEye nor Siemens has publicly listed which systems were vulnerable.

FireEye has two recommendations that are common in more mature software development environments: using code signing for the software in use, and including sanity checks on I/O data. FireEye released indicators of compromise that an enterprise could check on its ICS or SCADA systems to see whether it had been compromised, but it might be more important to ensure that your enterprise has the capability to check its ICS or SCADA systems for such indicators at all, rather than just performing a one-off search for the Irongate malware.
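As an added illustration of the DLL-replacement behaviour described above and of FireEye's integrity recommendation (this is example code, not FireEye's or Siemens' tooling), the following defender-side check baselines the DLLs shipped with an ICS application and later reports any that were modified, removed, or added. A SHA-256 allowlist is used here as a simplified stand-in for vendor code signing; the directory contents and DLL names are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large DLLs do not need to be read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(dll_dir: Path) -> dict:
    """Record a known-good baseline: DLL name -> hash, taken at install time."""
    return {p.name: sha256_of(p) for p in sorted(dll_dir.glob("*.dll"))}


def verify_dlls(dll_dir: Path, manifest: dict) -> dict:
    """Compare the directory against the baseline and group the findings.

    A 'modified' entry is the signature Irongate-style DLL swapping would leave;
    'unexpected' catches a dropped-in library the baseline never contained.
    """
    findings = {"modified": [], "missing": [], "unexpected": []}
    present = {p.name: sha256_of(p) for p in sorted(dll_dir.glob("*.dll"))}
    for name, expected in manifest.items():
        if name not in present:
            findings["missing"].append(name)
        elif present[name] != expected:
            findings["modified"].append(name)
    findings["unexpected"] = sorted(n for n in present if n not in manifest)
    return findings


def demo() -> dict:
    """Constructed scenario (not real vendor files): baseline two DLLs,
    then simulate one being replaced and one extra library appearing."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "comm.dll").write_bytes(b"vendor communication library v1")
        (d / "io.dll").write_bytes(b"vendor io library v1")
        manifest = build_manifest(d)
        (d / "io.dll").write_bytes(b"replacement that manipulates the process")
        (d / "extra.dll").write_bytes(b"library not present at baseline")
        return verify_dlls(d, manifest)


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be produced from vendor-signed binaries and stored off the ICS host, so that a compromise of the host cannot also rewrite the manifest.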
