The only good news here is that, despite some of its stealthy ways, Sality’s presence on a host cannot be completely hidden. Unfortunately, the dropper it drops in the background and the Sality malware the dropper downloads are very bad news for any system, let alone one that’s part of an operation technology (OT) network (or can reach it directly). Instead, it exploits a vulnerability to retrieve it in cleartext format. The passoword cracker they analyzed does seem to work as advertised, insofar that it is able to recover Automation Direct’s DirectLogic 06 PLC password – but not by cracking it. However, initial dynamic analysis of a couple of other samples indicate they also contain malware,” the researchers noted. “Dragos only tested the DirectLogic-targeting malware. These appear to be tailor-made to work on PLCs and HMIs by AutomationDirect, Omron, Siemens, ABB, Delta Automation, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor Electric, Weintek, Allen-Bradley, Panasonic, Fatek, IDEC Corp., and LG. Several websites and multiple social media accounts are touting password-cracking software for PLCs, HMIs and project files, Dragos researchers have found. Thus, industrial engineers who can’t access PLC programming software or an HMI because they don’t know the right password occasionally turn to the internet to find a tool to help them crack it. Unfortunately, necessity often compels people to make bad decisions. Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency miningĭownloading password-cracking software created by an unknown, untrusted third party is rarely (if ever!) a good idea.Abuses Windows’ autorun functionality to spread copies of itself over USBs, network shares, and external storage drives.Identifies security products (AVs, firewalls) and terminates them.
The password-cracking software also carries a dropper that infects the machine with Sality malware, which: A threat actor is targeting industrial engineers and operators with trojanized password-cracking software for programmable logic controllers (PLCs) and human-machine interfaces (HMIs), exploiting their pressing needs to turn industrial workstations into dangerous bots.Īccording to Dragos researchers, the adversary seems not to be interested in disrupting industrial processes but making money.
0 kommentar(er)
