Malware Infects US Power Facilities Through USB Drives 136
angry tapir writes "Two U.S. power companies have reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The publication (PDF) did not name the malware discovered. The tainted USB drive came in contact with a 'handful of machines' at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said."
Scan the security cameras... (Score:5, Insightful)
...If they have them installed and actually recording. Find out which ones were inserting the USB drives in question, fire them and ban them from ever being hired at any infastructure facilities. Train the remaining employees in security best practices and run random scans of any equipment they bring into the premises.
More often than not security breaches are a result of an oversight, but far too often, it's laziness and incompetence.
i wonder which is better (Score:2, Insightful)
1. It is stuxnet
2. it is something else
Re:Scan the security cameras... (Score:3, Insightful)
They know who did it - it was apparently a contractor installing software.
And banning USB keys or "scanning" is not the solution - the solution is to not use vulnerable crap like windows for any critical functions at something like a power plant. Although banning/firing any contractor that specified a windows based system for the installation in the first place, could be a good first step.
Good (Score:2, Insightful)
Good, if USB's are the infection route, then it probably means they've been smart enough to not connect these systems to the internet.
Good, they're not screaming 'cyber war' and conflating script kiddies with the country of the p0wned PC that sent the infection.
Bad, However, why have they left the USB ports open? And why are the ports autoexecuting this malware? I mean, even my Dad (82 years old) has the auto execute registry flag turned off. He can plug malware infected keys till his hearts content and it won't run. It's just really sloppy! You pay people to secure critical systems like this and they don't do their job, so you need to sack them and hire competent people instead.
Well at least as competent as an amateur 82 year old.
Re:Don't DEAL with problems, SOLVE them... (Score:5, Insightful)
3. Do not ALLOW any USB based access to any of the networked machines, ever. If at all, the USB drive needs to be connected to a Linux machine, that does not auto-mount or run any auto-magic stuff. Then, any files that need to be sent to the server need to be quarantined prior to updating.
The problem is the entire process of adding the software in the first place. The application should have been placed into a sterile test environment and proved out prior to ever being approved, then moved in a secure fashion to a staging environment for actual deployment. This whole thing reeks of massive violations of best practices, no matter what OS you happen to be using.
For example: "ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use."
Uh, yea NO SHIT. I work for an ISP and any code deployments which have to be done via USB, flash, or any other removable media MUST be done using company-owned media devices, that media is completely sterilized and staged in a pre-production environment prior to actual deployment. Anybody who let a contractor use his own equipment for such a deployment would be sacked without a second thought, and for this type of critical system we wouldn't rely on an outside contractor in the first place. Whoever is in charge of their practices and network/IT policies needs to be fired immediately and replaced by someone who is at least halfway competent.
Re:Scan the security cameras... (Score:5, Insightful)
the solution is to not use vulnerable crap like windows for
Right. So there would never be any risk when using Linux?
http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html [h-online.com]
http://news.softpedia.com/news/Researcher-Demonstrates-USB-Autorun-Attack-on-Linux-183611.shtml [softpedia.com]
http://linux.slashdot.org/story/11/02/07/1742246/usb-autorun-attacks-against-linux [slashdot.org]
http://www.omgubuntu.co.uk/2011/02/how-usb-autorun-malware-could-easily-infect-linux [omgubuntu.co.uk]
You are stupid to think that any OS is free of such problems. Or you are just blind to facts because of Linux fanaticism.