Two U.S. Power Plants Infected With USB Malware Last Year
January 17, 2013 3:01 PM
Origin of the attacks was not revealed
Illustrating why it might be a good idea to
ban external media
particularly in high-security environments
, the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) -- a sub-agency of the U.S. Department of Homeland Security (DHS) -- released a newsletter this week revealing that two power plants in the U.S. suffered malware infections last year thanks to infected thumb drives.
ICS-CERT officials write:
[In the first incident] the malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation. The employee routinely used this USB drive for backing up control systems configurations within the control environment.
[During the second incident] a third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades.
Unknown to the technician, the USB-drive was infected with crimeware.
The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks.
Most power providers in the U.S. are privately owned, thus the government
does not have the ability to order them what to do
security wise. But in its newsletter it firmly suggests adopting stricter restrictions on external media, commenting, "Such practices will mitigate many issues that could lead to extended system downtime."
A pair of breaches at U.S. power plants in 2012 via USB sticks, highlight the growing danger to the U.S. power grid. [Image Source: Reuters]
The U.S. federal government knows a think or two about the dangers of external media and writeable media. In 2008, the Pentagon suffered a major cyberattack that
originated from a single USB stick
plugged into a secured system. The malware, believed to have originated in Russia, quickly spread, compromising systems.
And in perhaps the most severe data loss incident in U.S. history, U.S. SPC Bradley Manning, a low-ranking U.S. Army Officer downloaded hundreds of thousands of classified documents and burned them to a CD-RW. He then allegedly
passed the documents to
, a site that has fixated on publishing supposedly "incriminating" material on the U.S. government.
The recent report on the power plant hacks did not mention where the malware appeared to originate from or the extent of the compromise. The specific malware used in each intrusion was also not revealed.
Chinese university researchers have published information suggesting an attack scheme in which malware is planted on power plant systems, only to be activated at a later date
causing catastrophic failures of the power grid
, crippling the nation a war scenario. In 2011 there was an alleged security breach
at a wind power facility
in the U.S., but that was believed to be the work of a disgruntled employee.
"A politician stumbles over himself... Then they pick it out. They edit it. He runs the clip, and then he makes a funny face, and the whole audience has a Pavlovian response." -- Joe Scarborough on John Stewart over Jim Cramer
6 Common-Sense Security Measures Every Business Should Adopt
December 27, 2012, 8:45 AM
U.S., Britain Doing Little to Protect Power, Gas, Water From Cyberattacks
April 19, 2011, 9:28 AM
Anonymous Hacker Threatens System Security Breach at U.S. Wind Facility
April 19, 2011, 8:36 AM
Whitelisting: Ban Those "Naughty" Devices and Beef up Security
December 14, 2010, 12:17 PM
USB Stick Led to Worst Cyber Attack on U.S. Military; Russia Suspected
August 26, 2010, 9:57 AM
PIQ ROBOTTM reveals its new artificial intelligence software
November 29, 2016, 12:59 AM
One more time - Happy Thanksgiving to Everyone Around the World
November 24, 2016, 4:00 AM
Google’s Smart Contact Lens Project gets halted for 2016
November 20, 2016, 7:00 AM
Cell Research Study shows African Americans have greater immune response to infection
November 10, 2016, 1:00 AM
UTHealth Clinical Trial Shows Progress Using Stem Cells to Treat Traumatic Brain Injury
November 8, 2016, 1:00 AM
Uber Partners with Circulation to Pilot Program Connecting Transportation and Digital Health Care
November 6, 2016, 5:00 AM
Most Popular Articles
What Can You Do with Your New Echo Dot?
December 3, 2016, 5:00 AM
Google has developed Deep Learning Algorithm to detect Diabetic Eye Disease
December 4, 2016, 5:00 AM
Microsoft Surface – Which Surface is Right for You?
December 2, 2016, 5:00 AM
The iPlugmate is an Excellent iPhone Flash Drive at a Great Price. (Deal Expires in 3 Days)
November 23, 2016, 1:00 AM
Foscam R2 Home Security Camera System – High Quality High FHD Security Video Footage with No Monthly Fees
December 1, 2016, 2:00 AM
Latest Blog Posts
Latest Tech News
Dec 8, 2016, 5:11 AM
In The News
Dec 7, 2016, 5:00 AM
e Guide: Mobile Security for 2017
Dec 6, 2016, 5:00 AM
Apple Car is Not Dead
Dec 5, 2016, 1:00 AM
Dec 4, 2016, 5:00 AM
Dec 3, 2016, 5:00 AM
Dec 2, 2016, 5:00 AM
Surface Ergonomic Keyboard
Dec 1, 2016, 3:01 AM
Chapeconense plane crash: Football rallies around Brazilian Team
Nov 30, 2016, 1:00 AM
How to Extends Your iPhone’s Battery Life
Nov 29, 2016, 12:49 AM
Nov 28, 2016, 1:12 AM
News: Fidel Castro
Nov 27, 2016, 5:00 AM
Nov 26, 2016, 5:00 AM
Changes in Social status affect the way genes turn on and off within immune cells.
Nov 25, 2016, 5:12 AM
Austrian far–right hopeful Hofer may back EU vote.
Nov 24, 2016, 4:00 AM
Final Fantasy XV Leaked Before Nov 29 Launch Date
Nov 23, 2016, 1:00 AM
Nov 22, 2016, 2:26 AM
Nov 21, 2016, 1:00 AM
HTC Makes Big Moves in China
Nov 20, 2016, 2:00 AM
Do you know who is the number one company in the word?
Nov 19, 2016, 5:30 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information