Potentially Serious Threat Targets Control Systems

According to Byres Security Inc., a new family of threats called Stuxnet appears to be directed specifically at Siemens WinCC and PCS7 products via a previously unknown Windows vulnerability. Byres also discovered a concerted denial-of-service attack against a number of SCADA information networks, such as the SCADASEC and ScadaPerspective mailing lists, which knocked at least one of these services offline.

Eric Byres, P.E., Chief Technology Officer of Byres, offers these facts:

• This is a zero-day exploit against all versions of Windows including Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and Windows 7.
• There are no patches available from Microsoft at this time (there are workarounds, which I will describe later).
• This malware is in the wild and probably has been for the past month.
• The known variations of the malware are specifically directed at Siemens WinCC and PCS7 products.
• The malware is propagated via USB key. It may also be propagated via network shares from other infected computers.
• Disabling AutoRun does not help! Simply viewing an infected USB using Windows Explorer will infect your computer.
• The objective of the malware appears to be industrial espionage, i.e., to steal intellectual property from SCADA and process control systems. Specifically, the malware uses the Siemens default password of the MSSQL account WinCCConnect to log into the PCS7/WinCC database and extract process data and possibly HMI screens.

The only known workarounds are:
• Do NOT install any USB keys into any Windows system, regardless of the OS patch level or whether AutoRun has been disabled
• Disable the displaying of icons for shortcuts (this involves editing the registry)
• Disable the WebClient service

Byres and his team have written a short white paper called “Analysis of Siemens WinCC/PCS7 Malware Attacks,” available at www.tofinosecurity.com/professional/siemens-pcs7-wincc-malware. To download the white paper, you will need to register on the website; Byres notes that the white paper is in a secure area. People who are already www.tofinosecurity.com web members do not need to reregister.
