Researchers Discover Malware That Targets Industrial Control Systems

The malicious software was crafted to manipulate a specific industrial process running within a simulated Siemens control system environment, researchers say.

MILPITAS, Calif. – A team of network security researchers has discovered malicious software cunningly designed to attack industrial control systems (ICS) used in critical infrastructure, such as power generation or chemical plants.

In a report released today, FireEye researchers said they identified the malware – which they dubbed Irongate – last year while researching viruses that attack ICS. The report states Irongate is only the fourth such class of malware ever found.

“Irongate invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community,” the report states.

Stuxnet was jointly created by the United States and Israel, although neither country has officially acknowledged its involvement. Anonymous U.S. officials have previously claimed Stuxnet was developed to sabotage Iran’s nuclear program with what would seem like a long series of ill-fated accidents.

The FireEye Labs Advanced Reverse Engineering (FLARE) team said it does not know who created Irongate or why. And while the malware is designed to work only on software that simulates a real machine, its characteristics are still notable.




For example, Irongate records five seconds of normal control activity and then repeatedly plays it back to trick control room operators into thinking the ICS are working properly. Simultaneously, as the operators observe only normal activity on their monitors, the malware is able to swap computer files that modify the temperature and pressure on a specific type of Siemens control system.

However, Siemens has confirmed that the malware would not work against its standard control system environment.

“Siemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that Irongate is not viable against operational Siemens control systems and determined that Irongate does not exploit any vulnerabilities in Siemens products,” the report states. “We are unable to associate Irongate with any campaigns or threat actors. We acknowledge that Irongate could be a test case, proof of concept, or research activity for ICS attack techniques.”
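The record-and-playback behavior described above leaves a trace a monitoring system can look for: live sensor readings carry noise and almost never repeat exactly, while a looped recording repeats sample for sample. The following is an added detection sketch, not code from the FireEye report or from Siemens; the 10 Hz sample rate, the temperature values and the function names are assumptions, and only the five-second window comes from the article.

```python
import random
from typing import Optional, Sequence

def find_replay_period(samples: Sequence[float], sample_hz: int,
                       max_window_s: float = 10.0, min_repeats: int = 3,
                       min_distinct: int = 3) -> Optional[float]:
    """Return the loop length in seconds if the newest readings are an exact
    repetition of one fixed window, otherwise None."""
    max_period = int(max_window_s * sample_hz)
    for period in range(2, max_period + 1):
        span = period * min_repeats
        if len(samples) < span:
            break  # not enough history to confirm this many repeats
        tail = samples[-span:]
        window = tail[:period]
        # A flat signal (e.g. a held setpoint) repeats trivially; skip it
        # so steady-state values do not raise false alarms.
        if len(set(window)) < min_distinct:
            continue
        # Every sample must equal the one exactly one period earlier.
        if all(tail[i] == tail[i - period] for i in range(period, span)):
            return period / sample_hz
    return None

def constructed_live_feed(n: int, seed: int = 7) -> list:
    """Constructed sample data: a noisy temperature reading around 72.0."""
    rng = random.Random(seed)
    return [round(rng.gauss(72.0, 0.4), 3) for _ in range(n)]

SAMPLE_HZ = 10  # assumed historian sample rate
live = constructed_live_feed(200)
# Simulate the article's scenario: the last five seconds of normal data
# are captured and then shown to the operator over and over.
recorded = live[-5 * SAMPLE_HZ:]
replayed = live + recorded * 3

if __name__ == "__main__":
    print("live feed     :", find_replay_period(live, SAMPLE_HZ))
    print("replayed feed :", find_replay_period(replayed, SAMPLE_HZ))
    print("flat setpoint :", find_replay_period([70.0] * 300, SAMPLE_HZ))
```

Exact-match comparison only catches a bit-identical loop; a coarsely quantized sensor with little noise can repeat legitimately, which is why the check requires several distinct values per window and several consecutive repeats.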

The FLARE team, based here, discovered the malware on VirusTotal, a free online service that analyzes suspicious computer files and facilitates the detection of worms and other malware.


About the Author


Although Bosch’s name is quite familiar to those in the security industry, his previous experience has been in daily newspaper journalism. Prior to joining SECURITY SALES & INTEGRATION in 2006, he spent 15 years with the Los Angeles Times, where he performed a wide assortment of editorial responsibilities, including feature and metro department assignments as well as content producing for latimes.com. Bosch is a graduate of California State University, Fresno with a degree in Mass Communication & Journalism. In 2007, he successfully completed the National Burglar and Fire Alarm Association’s National Training School coursework to become a Certified Level I Alarm Technician.
