BlackEnergy Malware Attacks!

Like something out of a Tom Clancy novel comes BlackEnergy malware. The Department of Homeland Security announced today that Kaspersky Lab researchers have identified a new type of malware dubbed “BlackEnergy.” This threat is specifically targeting computer systems responsible for maintaining critical infrastructure related to power, water, and gas distribution, refinery operation, and commercial industrial plants.

BlackEnergy was written to attack ARM and MIPS processing systems, but a more disturbing aspect is that it can also infect network devices such as IP switches. The creator of this software was very sophisticated, developing software that specifically targets strategic and critically sensitive infrastructure, rather than consumer credit cards or bank accounts. The systems most susceptible to BlackEnergy are Human-Machine Interface (HMI) control systems used in DCS and SCADA, and, as mentioned earlier, embedded network devices. The control systems of many major manufacturers have been identified as being at risk.

BlackEnergy can be introduced onto a system and then made dormant while it waits for execution instructions from an attacker. One pundit described its method of attack as similar to the Mutually Assured Destruction Doctrine: during the Cold War, if either side initiated an attack, the other would respond in kind, ensuring mutual devastation. BlackEnergy functions in a similar manner: if an organization attempts to fight back against BlackEnergy, the attackers will unleash a counter-attack that will destroy the very systems hosting the BlackEnergy malware.

The best defense against attacks like BlackEnergy is to fully “air gap” systems from external network access. This means severing all connectivity to the Internet, dial-up access, etc. Solutions like RGB Spectrum’s Multipoint Control Room Management System (MCMS) isolate controlled systems from the networks they operate on. With a hardware-based control system like MCMS, users in an operation center can control and view video data from HMI and network systems, without being connected to the network or using vulnerable input/output resources like USB thumb drives, DVDs, or other removable disk media. If systems are completely air-gapped from outside access, attackers will not be able to execute a BlackEnergy attack.

In light of this threat, critical infrastructure operators should immediately disconnect their network infrastructure from outside access. RGB Spectrum can help you accomplish this without disrupting your operations, leaving your systems fully accessible, while also being fully protected. Visit or call us for a consultation on how to implement an air gap strategy for your critical infrastructure.

For more details about the recent rash of BlackEnergy attacks, check out this article:

About RGB Spectrum

We design and manufacture video processing, control and display solutions for defense, aerospace, corporate, medical, government, security, education, and industrial applications. Our extensible, secure and powerful video wall processors, multiviewers and AV-over-IP systems are part of visual infrastructure around the world, but most importantly, our products empower you to make better decisions, faster.