Potentially Serious Threat Targets Control Systems

According to Byres Security Inc., a new family of threats called Stuxnet appears to be directed specifically at Siemens WinCC and PCS7 products via a previously unknown Windows vulnerability.  Byres also discovered a concerted Denial of Service attack against a number of the SCADA information networks such as SCADASEC and ScadaPerspective mailing lists, knocking at least one of these services off line.

Eric Byres, P.E., and Chief Technology Officer of Byres, offers these facts:

• This is a zero-day exploit against all versions of Windows including Windows XP SP3, Windows Server 2003 SP 2, Windows Vista SP1 and SP2, Windows Server 2008  and Windows 7.
• There are no patches available from Microsoft at this time (There are workarounds, which I will describe later).
•  This malware is in the wild and probably has been for the past month.
• The known variations of the malware are specifically directed at Siemens WinCC and PCS7 Products.
• The malware is propagated via USB key. It may be also be propagated via network shares from other infected computers.
•  Disabling AutoRun does not help! Simply viewing an infected USB using Windows Explorer will infect your computer.
• The objective of the malware appears to be industrial espionage; i.e. to steal intellectual property from SCADA and process control systems. Specifically, the malware uses the Siemens default password of the MSSQL account WinCCConnect to log into the PCS7/WinCC database and extract process data and possibly HMI screens.

The only known workarounds  are:
• NOT installing any USB keys into any Windows systems, regardless of the OS patch level or whether AutoRun has been disabled or not
• Disable the displaying of icons for shortcuts (this involves editing the registry)
• Disable the WebClient service

Byres and his team have written a short white paper called “Analysis of Siemens WinCC/PCS7 Malware Attacks.” www.tofinosecurity.com/professional/siemens-pcs7-wincc-malware . If you would like to download the white paper, you will need to register on the website. Byres notes that the whitepaper is in a secure area. People who are already www.tofinosecurity.com web members do not need to reregister.

More News:

  • IChemE Introduces New Academic Journal

    Sustainable Production and Consumption (SPC), a new academic journal from the Institution of Chemical Engineers (IChemE), in partnership with Elsevier, will launch in 2015 and focus on the importance of sustainability in sectors as diverse as retail, tourism, transport, health, food, energy, construction and the chemical and process industries.

  • Eastman Completes Taminco Acquisition

    Eastman Chemical Company completed its acquisition of specialty chemical producer Taminco Corporation.

  • Vertellus Acquires Dow SBH Business

    Vertellus, a producer of specialty chemicals for the life sciences sector and other industrial applications, signed a definitive agreement to acquire the sodium borohydride (SBH) business, including associated assets, from The Dow Chemical Company.

  • Energy Dept. Awards Pitt Grant To Improve Power Plant Safety

    The U.S. Department of Energy has tapped the University of Pittsburgh’s Swanson School of Engineering to help improve nuclear power plant safety.

  • NABE Forecasts Accelerated Economic Growth In Coming Year

    Economic growth is expected to accelerate in 2015, according to the December 2014 Outlook Survey from the National Association for Business Economics (NABE).

  • CHF Exhibit Features 15th Century Alchemical Manuscripts And Art

    Books of Secrets: Writing and Reading Alchemy, a new exhibit of alchemical art and documents, opened December 5 in the Museum at the Chemical Heritage Foundation (CHF).

  • AIChE Honors Stuart L. Cooper With Founders Award

    The American Institute of Chemical Engineers (AIChE) presented the Founders Award for Outstanding Contributions to the Field of Chemical Engineering, to Stuart L. Cooper, professor and chair of the Department of Chemical and Biomolecular Engineering at The Ohio State University.

  • Economic Reports Show Positive Week

    Economic reports were positive this week for the most part, according to Weekly Chemistry and Economic Trends report from the American Chemistry Council.

  • ACS Names New Executive Director

    Retiring DuPont executive will take helm

  • AkzoNobel Investigates Raw Material Production From Sugar Beet

    AkzoNobel joined forces with SuikerUnie, Rabobank, Deloitte, Investment and Development Agency for the Northern Netherlands (NOM), Groningen Seaports, and the Province of Groningen, to investigate the possibility of producing chemicals from beet-derived sugar feedstock

All news »

What are your comments?

Join the discussion today. Login Here.

Comments

No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments