Cyber Attacks Part II – New Distribution Strategies by Hackers

Hackers are using a new channel of attack to penetrate networks. A malware threat previously used in direct attacks against energy sector companies is now being aimed at organizations that use or develop industrial applications and machines. This strategy introduces malware into systems that are then connected to target networks.

In early 2014, attackers began distributing new versions of a remote access Trojan (RAT) program through a new distribution strategy. The new malware variation is called Havex. The strategy entails hacking into the websites of industrial control system manufacturers and poisoning their legitimate software downloads with the Havex malware.

Once downloaded on the network, the new malicious Havex component scans local area networks for devices that respond to Open Platform Communications (OPC) requests. OPC is a communications standard that allows interaction between Windows-based SCADA applications and process control hardware.
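A defender can look for this scanning behaviour in network flow logs. The sketch below is an added example, not code from the original article or from any vendor: it flags hosts that contact many distinct devices on TCP 135 (the DCOM endpoint mapper, where OPC Classic sessions begin) within a short window. The log format, addresses, allowlist and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DCOM_PORT = 135                    # OPC Classic runs over DCOM, which starts at the RPC endpoint mapper
WINDOW = timedelta(minutes=5)      # assumed look-back window
MAX_PEERS = 3                      # assumed limit on distinct peers per window
KNOWN_OPC_CLIENTS = {"10.20.0.5"}  # assumed allowlist: HMI/historian expected to poll OPC servers

# Constructed flow records, one per line: timestamp source destination dest_port
SAMPLE_FLOWS = """\
2014-06-25T09:00:00 10.20.0.5 10.20.1.10 135
2014-06-25T09:00:01 10.20.0.5 10.20.1.11 135
2014-06-25T09:00:02 10.20.0.5 10.20.1.12 135
2014-06-25T09:00:03 10.20.0.5 10.20.1.13 135
2014-06-25T09:10:00 10.20.0.77 10.20.1.10 135
2014-06-25T09:10:02 10.20.0.77 10.20.1.11 135
2014-06-25T09:10:04 10.20.0.77 10.20.1.12 135
2014-06-25T09:10:06 10.20.0.77 10.20.1.13 135
2014-06-25T09:10:08 10.20.0.80 192.0.2.10 443
2014-06-25T09:00:00 10.20.0.81 10.20.1.10 135
2014-06-25T10:00:00 10.20.0.81 10.20.1.11 135
2014-06-25T11:00:00 10.20.0.81 10.20.1.12 135
2014-06-25T12:00:00 10.20.0.81 10.20.1.13 135
2014-06-25T12:30:00 10.20.0.90
"""

def parse_flows(text):
    """Yield (time, src, dst, port); skip malformed or truncated records."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)
        except ValueError:
            continue

def find_opc_sweeps(text, allowlist=KNOWN_OPC_CLIENTS, window=WINDOW, max_peers=MAX_PEERS):
    """Map each non-allowlisted source to its DCOM peers if it exceeds max_peers in any window."""
    by_src = defaultdict(list)
    for when, src, dst, port in parse_flows(text):
        if port == DCOM_PORT and src not in allowlist:
            by_src[src].append((when, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            peers = {dst for when, dst in events[i:] if when - start <= window}
            if len(peers) > max_peers:
                alerts[src] = sorted(peers)
                break
    return alerts
```

On the constructed sample only 10.20.0.77 is flagged: the allowlisted poller is ignored, and 10.20.0.81 spreads its connections over hours, so widening the window is the trade-off for catching slower sweeps.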

It’s been confirmed that three software vendor sites were compromised in this way. “The software installers available on the sites were trojanized to include the Havex RAT.” Two of the vendors develop industrial control system remote management software, and the third supplies high-precision industrial cameras and related software. One network at a company in California was also detected sending data to the command-and-control servers for the attackers to analyze.

The new distribution technique, used in addition to more traditional attacks like spam emails and Web-based exploits, indicates that those behind the operation are specifically interested in targeting organizations that use industrial control systems and supervisory control and data acquisition (SCADA) applications, such as energy and utility companies.

Interested in discussing more? Contact me at jmcnally@westmonroepartners.com or stop by and see us at Distributech Booth 620 Feb 2-5th.  We would love to hear your thoughts!

Sources: Euroweeklynews.com, homelandsecuritynewswire.com
