New worm for automated control systems presented

by sigismund » 2016-08-08 12:02:17

PLC-Blaster can automatically detect and infect PLCs.

At the Black Hat USA conference, researchers from OpenSource Security presented PoC code for a worm that targets automated production control systems. According to the experts, PLC-Blaster can automatically detect and infect programmable logic controllers (PLCs).

The worm, first presented at Black Hat Asia in March this year, is designed to infect Siemens SIMATIC S7-1200 PLCs. According to Siemens representatives, PLC-Blaster does not exploit vulnerabilities in the company's products. According to information security expert Maik Brüggemann of OpenSource Security, the malware is a threat to any industrial network.

"Such threats are new to companies using industrial controllers, which are usually protected from outside attacks. It is not improbable that a worm for the PLC could be distributed by the supplier or internally; therefore, not only Siemens should worry. Worms pose a new threat for all sorts of industrial networks," Threatpost quotes Brüggemann as saying.

During Black Hat USA, the expert showed how an attacker with physical or network access to a PLC can infect it with the network worm and carry out a number of different attacks. The attacker could also program the infected PLCs to connect automatically to a C&C server under the attacker's control, and manage the controllers remotely (if they are connected to the Internet).

Attacks using PLC-Blaster are possible due to vulnerabilities in the PLC management console, called TIA Portal. Two of them affect the Knowhow Protection and Copy Protection functions, which are used to control access passwords and serial numbers. Because of the vulnerability, an attacker can read and modify the code blocks associated with the hashed passwords and serial numbers in order to bypass the protection mechanisms in TIA Portal and download PLC-Blaster to the PLC.
