Hackers are using a new channel of attack for penetrating networks. A malware threat previously used in direct attacks against energy sector companies is now being aimed at organizations that use or develop industrial applications and machines. This strategy introduces malware into systems that are then connected to target networks.
In early 2014 attackers began distributing new versions of a remote access Trojan (RAT) program via a new distribution strategy. The new malware variation is called Havex. The new strategy entails hacking into the websites of industrial control system manufacturers and poisoning their legitimate software downloads with the Havex malware.
Once downloaded on the network, the new malicious Havex component scans local area networks for devices that respond to Open Platform Communications (OPC) requests. OPC is a communications standard that allows interaction between Windows-based SCADA applications and process control hardware.
It’s been confirmed that three software vendor sites were compromised in this way. “The software installers available on the sites were trojanized to include the Havex RAT.” Two of the vendors develop industrial control system remote management software, and the third supplies high-precision industrial cameras and related software. One network at a company in California was also detected sending data to the command-and-control servers for attackers to analyze.
The new distribution technique, in addition to more traditional attacks like spam emails and Web-based exploits, indicates that those behind the operation are specifically interested in targeting organizations using industrial control systems and supervisory control and data acquisition (SCADA) applications, such as energy and utility companies.
Sources: Euroweeklynews.com, homelandsecuritynewswire.com