The Hill, Jan. 14:
The energy sector was the target of more than 40 percent of all reported cyberattacks on critical infrastructure networks last year, according to the Department of Homeland Security (DHS).
Malicious attacks on oil-and-gas pipelines and electric utilities occurred at an “alarming rate,” DHS’s Industrial Control Systems Cyber Emergency Response Team warns in a recent report. [...]
Power Engineering, Jan. 15:
Two unnamed U.S. power plants fell victim to a cyber attack after viruses and malware were found on computers in the plants. Both incidents were reported in a newsletter from the U.S. Industrial Control Systems Cyber Emergency Response Team, a section of the U.S. Department of Homeland Security. [...]
PCMag, Jan. 16 (h/t Anonymous tip):
[...] The incident is reminiscent of Stuxnet, a virus reportedly deployed by the U.S. and Israeli governments in order to slow the spread of Iran’s nuclear program. The actual deployment of Stuxnet was carried out by “spies and unwitting accomplices,” who physically carried thumb drives loaded with the virus into the facility, according to a 2012 New York Times report.
ICS-CERT recently provided onsite support at a power generation facility where both common and sophisticated malware had been discovered in the industrial control system environment. The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive’s operation. The employee routinely used this USB drive for backing up control systems configurations within the control environment. When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits. Initial analysis caused particular concern when one sample was linked to known sophisticated malware. [...]
In early October 2012, a power company contacted ICS-CERT to report a virus infection in a turbine control system which impacted approximately ten computers on its control system network. Discussion and analysis of the incident revealed that a third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades. Unknown to the technician, the USB-drive was infected with crimeware. The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately 3 weeks. [...]
Published: January 17th, 2013 at 12:19 am ET