#industrial-control-systems

#industrial-control-systems

The vulnerability, related to an insufficiently protected cryptographic key, could allow a remote, unauthenticated attacker to bypass verification and connect to a targeted controller by mimicking an engineering workstation. In a real-world industrial environment, the vulnerability could allow remote attackers to manipulate PLC logic and disrupt manufacturing processes, or even cause physical damage to equipment.

Poland's computer emergency response team (CERT) has published a report detailing the recent attack by Russia-linked hackers on the country's power grid. The attack targeted communication and control systems at roughly 30 sites, including combined heat and power (CHP) plants and renewable energy dispatch centers for wind and solar facilities. The hackers gained access to industrial control systems (ICS), but primarily targeted grid safety and stability monitoring systems rather than active power generation systems.

Historical examples of this kind of attack include the Stuxnet malware that targeted Iranian nuclear enrichment plants. The malware destroyed centrifuges in 2009 by causing them to spin at dangerous speeds while feeding false "normal" data to operators. Another example is the Industroyer attack by Russia against Ukraine's energy sector in 2016. Industroyer malware targeted Ukraine's power grid, using the grid's own industrial communication protocols to directly open circuit breakers and cut power to Kyiv.

According to software supply chain security company Socket, the packages were published in 2023 and 2024 by a user named " shanhai666" and are designed to run malicious code after specific trigger dates in August 2027 and November 2028. The packages were collectively downloaded 9,488 times. "The most dangerous package, Sharp7Extend, targets industrial PLCs with dual sabotage mechanisms: immediate random process termination and silent write failures that begin 30-90 minutes after installation, affecting safety-critical systems in manufacturing environments," security researcher Kush Pandya said.

The victims included a municipal water facility where pressure values were changed, an oil and gas company whose tank gauge was tampered with, and a farm silo where drying temperatures were altered, "resulting in potentially unsafe conditions if not caught on time." Officials stressed these weren't sophisticated, state-sponsored operations but opportunistic intrusions that caused real-world disruption ranging from false alarms to degraded service. The attackers didn't need custom malware or insider access either - just a connection and curiosity.

Red Lion's Sixnet RTUs provide advanced automation, control, and data acquisition capabilities in industrial automation and control systems, primarily across energy, water, and wastewater treatment, transportation, utilities, and manufacturing sectors. These industrial devices are configured using a Windows utility called Sixnet IO Tool Kit, with a proprietary Sixnet "Universal" protocol used to interface and enable communication between the kit and the RTUs.

NIST has published a new guide designed to help organizations reduce cybersecurity risks associated with the use of removable media devices in operational technology (OT) environments. NIST Special Publication (SP) 1334 was authored by the National Cybersecurity Center of Excellence (NCCoE) and it focuses on the use of USB flash drives, but also mentions other types of removable media such as external hard drives and CD/DVD drives.