by: David Thomas
Security researchers have discovered a new version of the Stuxnet malware, known as "Havex", which was used in a series of cyber attacks against the organizations mentioned above in the energy sector. As you will see, in most cases the affected sector is the energy sector. The famous Stuxnet worm was designed to sabotage the Iranian nuclear plants; this new version is designed to affect the software systems of industrial control (SCADA and ICS) and is capable of disabling devices in hydroelectric dams and nuclear power plants, and even of disabling power grids that use these types of devices.
The so-called Backdoor:W32/Havex.A (the variant names depend on the antivirus vendor) is a generic remote access Trojan that has recently been detected at a series of European companies that develop software applications for SCADA and ICS. Havex is equipped with a new component whose purpose is to collect information from the network and connected devices by leveraging the OPC (Open Platform Communications) standard. OPC is a communication standard that allows interaction between Windows-based SCADA applications and process control hardware. The malware scans the local network for devices that respond to OPC requests, collects information about the industrial control devices it finds, and then sends that information to its command and control (C&C) server. Intelligence gathering is the point of this development: Havex has been given a function to collect information and send it to a server so that the developers of this worm can enhance Havex with more precise functions, making the attack more efficient and effective. One of the issues is that companies that own these types of devices are still running SCADA on very old versions of Windows that no longer receive support or upgrades that might mitigate some of these security issues, and the lack of emphasis on information security training for staff adds another level of threat. What we recommend is that production lines, or any network that includes SCADA systems, have the following protections:
1) The SCADA LAN should not have Internet access.
2) The equipment should not be accessible from the LAN by users working on the company network.
3) If you must transfer files, use a separate VLAN or a segmented network and a service such as FTP or similar.
4) Do not allow the use of pendrives on those SCADA devices that support them. Transferring files to these devices should be done through a secure channel.
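As an added example, not code from the original article, here is a small Python script that applies the two points above to constructed firewall connection-log lines: it flags a host that enumerates many OPC endpoints in a short window (the behaviour attributed to Havex's OPC scanning component) and flags flows that break the recommended isolation of the SCADA LAN. The log format, the network ranges, the thresholds and the use of TCP 135 (the DCOM endpoint mapper that classic OPC relies on) are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <src> <dst> <dst_port> <action>"
SAMPLE_LOG = """\
2014-06-24T10:00:01 10.20.0.15 10.20.0.40 135 ALLOW
2014-06-24T10:00:02 10.20.0.15 10.20.0.41 135 ALLOW
2014-06-24T10:00:02 10.20.0.15 10.20.0.42 135 ALLOW
2014-06-24T10:00:03 10.20.0.15 10.20.0.43 135 ALLOW
2014-06-24T10:00:03 10.20.0.15 10.20.0.44 135 ALLOW
2014-06-24T10:00:04 10.20.0.15 10.20.0.45 135 ALLOW
2014-06-24T10:00:09 10.20.0.15 198.51.100.7 443 ALLOW
2014-06-24T10:05:00 10.20.0.40 10.20.0.41 135 ALLOW
2014-06-24T10:05:10 10.30.0.8 10.20.0.40 135 ALLOW
"""

SCADA_LAN = ipaddress.ip_network("10.20.0.0/24")   # assumed SCADA segment
INTERNAL = [SCADA_LAN, ipaddress.ip_network("10.30.0.0/24")]  # assumed corporate LAN
OPC_PORT = 135          # DCOM endpoint mapper used by classic OPC (assumption)
SCAN_THRESHOLD = 5      # distinct OPC targets from one host within WINDOW
WINDOW = timedelta(seconds=30)

def parse(log_text):
    """Turn log lines into (timestamp, src, dst, port) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, src, dst, port, _action = line.split()
        events.append((datetime.fromisoformat(ts), ipaddress.ip_address(src),
                       ipaddress.ip_address(dst), int(port)))
    return events

def opc_scanners(events):
    """Hosts that contact >= SCAN_THRESHOLD distinct OPC endpoints within WINDOW."""
    by_src = defaultdict(list)
    for ts, src, dst, port in events:
        if port == OPC_PORT:
            by_src[src].append((ts, dst))
    flagged = set()
    for src, hits in by_src.items():
        hits.sort()  # sliding window over time-ordered OPC contacts
        for i, (t0, _) in enumerate(hits):
            targets = {d for t, d in hits[i:] if t - t0 <= WINDOW}
            if len(targets) >= SCAN_THRESHOLD:
                flagged.add(str(src))
                break
    return sorted(flagged)

def segmentation_violations(events):
    """Flows that break recommendations 1 and 2: SCADA egress to the Internet,
    or access into the SCADA LAN from outside it."""
    violations = []
    for _ts, src, dst, _port in events:
        if src in SCADA_LAN and not any(dst in net for net in INTERNAL):
            violations.append((str(src), str(dst), "internet egress from SCADA LAN"))
        elif dst in SCADA_LAN and src not in SCADA_LAN:
            violations.append((str(src), str(dst), "access to SCADA LAN from corporate network"))
    return violations
```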