In its breakdown of the heating utility attack, Dragos says that the FrostyGoop malware was used to target ENCO control devices (Modbus-enabled industrial monitoring tools sold by the Lithuanian firm Axis Industries) and change their temperature outputs to turn off the flow of hot water...
Despite that Russia connection, Dragos says it hasn't tied the heating utility intrusion to any known hacker group it tracks. Dragos found that, while the hackers used their breach of the heating utility's network to send FrostyGoop's Modbus commands that targeted the ENCO devices and crippled the utility's service...
The malware appears to have been hosted on the hackers' own computer, not on the victim's network. Simple antivirus alone, rather than network monitoring and segmentation to protect vulnerable Modbus devices, likely won't prevent future use of the tool, warns Dragos analyst Mark 'Magpie' Graham...
You may potentially never see it in the environment, only its effects.
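As an added illustration of the network monitoring mentioned above (this is not code from Dragos or from the article), the following parses Modbus/TCP requests and flags write commands sent by hosts outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed for the example and do not reproduce FrostyGoop traffic.

```python
import struct

# Modbus function codes that change device state (standard Modbus spec).
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(payload: bytes):
    """Parse one Modbus/TCP ADU; return None if it is not well-formed."""
    if len(payload) < 8:          # 7-byte MBAP header + function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; length counts unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    func = payload[7]
    info = {"tid": tid, "unit": unit, "func": func}
    if func in WRITE_CODES and len(payload) >= 12:
        addr, value = struct.unpack(">HH", payload[8:12])
        info["addr"] = addr
        # For 5/6 the second field is the value; for 15/16 it is a quantity.
        info["value" if func in (5, 6) else "quantity"] = value
    return info

def flag_writes(packets, allowed_writers):
    """Alert on write requests (client -> TCP/502) from non-allowlisted hosts."""
    alerts = []
    for src, dst, payload in packets:
        adu = parse_modbus_tcp(payload)
        if adu and adu["func"] in WRITE_CODES and src not in allowed_writers:
            alerts.append((src, dst, WRITE_CODES[adu["func"]], adu.get("addr")))
    return alerts

# Constructed sample requests (addresses from documentation ranges).
SAMPLE = [
    # Known HMI reads 2 holding registers from address 0 (function 3)
    ("192.0.2.10", "192.0.2.50", bytes.fromhex("000100000006010300000002")),
    # Known HMI writes register 0x0010 = 0x0041 (function 6)
    ("192.0.2.10", "192.0.2.50", bytes.fromhex("000200000006010600100041")),
    # Unknown host writes register 0x0010 = 0 (function 6)
    ("198.51.100.7", "192.0.2.50", bytes.fromhex("000300000006010600100000")),
]

if __name__ == "__main__":
    for alert in flag_writes(SAMPLE, allowed_writers={"192.0.2.10"}):
        print("ALERT", alert)
```

Because Modbus has no authentication, the allowlist of permitted writers is the only thing separating the second and third frames; the bytes of the request are otherwise identical in form.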