Security researchers have discovered a new version of the Stuxnet malware, known as “Havex” which was used in a series of cyber attacks against the above organizations in the energy sector. As you will see in most cases, the affected sector is the energy sector. The famous Stuxnet worm was designed to sabotage the Iranian nuclear plants, now, the new version is scheduled to affect software systems for industrial control SCADA and ICS capabilities disable devices in hydroelectric dams, as well nuclear power plants and even disable power grids using these types of devices.
The so-called Backdoor: W32 / Havex.A and variants of names depending on the antivirus vendor is a remote access Trojan generic and has recently been detected in a series of European companies that develop software applications for SCADA and ICS. Havex is equipped with a new component, whose purpose is to collect information from the network and connected devices by leveraging the OPC (Open Platform Communications) standard. OPC is a communication standard that allows interaction between Windows-based SCADA applications and process control hardware. The malware scans the local network for devices that respond to requests from OPC to collect information about industrial control devices and then sends that information to its command and control server (C & C). Intelligence on development, has prepared the Havex in a function to collect information and send it to a server for developers of this worm, can enhance the Havex more precise functions make efficient and achieve the attack. One of the issues which are companies that own these types of devices is still using SCADA with very tight versions of Windows that do not support or upgrades that may mitigate some of these safety issues and lack of Information Security Training emphasis on staff adds another level of threats. What we recommend is that the production line or that have SCADA network that has the following protections:
1) Where the SCADA LAN not have Internet access,
2) The teams are not accessible from the LAN to the users working in the company network.
3) If you must transfer files, do another VLAN or a segmented network and use services such as FTP or similar.
4) Do not allow the use of SCADA pendrive in those devices that support it. Transferring files to the same should be through a secure channel.
International institute of cyber security enables organizations to fight against the devastating cyber security threats by providing Information Security Course to employees and individuals. Posted by Webimprints.