Government agencies released a warning about possible upcoming threats to US critical infrastructure. High-profile security organizations, including the FBI and NSA, are warning of an ongoing advanced persistent threat (APT) from cybercriminals. Bad actors can gain complete system access to critical infrastructure elements such as industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. Hackers appear to have developed new tools that could allow them to gain full system access to essential parts of the USA’s critical infrastructure.
In particular, energy sector organizations, including liquefied natural gas plants, appear to be at high risk from the recently discovered malware. In addition, the alert highlighted that Windows-based engineering workstations and OT environments using ASRock motherboard drivers are at exceptionally high risk from the malicious code. As the investigation is ongoing, there is currently no information on how the US protection agencies found the malware.
The newly developed tools could scan for, compromise, and control affected devices. The alert does not mention a nation that might be behind the development of those tools, but experts have been openly pointing fingers at Russia. The relations between the US and Russia have not been excellent lately. Over the last couple of months, things have gotten worse after Russia’s latest invasion of Ukraine.
In an interview for ‘60 Minutes’, Deputy Attorney General Lisa Monaco told correspondent Bill Whitaker that Russians pose a serious and persistent threat and America should be on high alert for possible attacks on organizations from the energy sector. Over the last ten years, Russians have been able to hack hundreds of companies and organizations worldwide, including the computer networks of a nuclear power company located in Kansas. In addition, in 2015, Russia-sponsored bad actors managed to cause a blackout for nearly a quarter-million Ukrainians after getting into the networks of three Ukrainian power plants. Furthermore, Russians appear to be behind cyber-attacks explicitly designed to kill people. Knowing that a foreign state whose current relationship with the USA is so dire can exploit the weaknesses of energy companies is undoubtedly a scary thought.
Luckily, the possible threats have been caught before any damage has been done, and government agencies are actively working on addressing the risks presented by the new malware. Government agencies have provided recommendations to all energy companies that could potentially be affected by the malware and have advised on ways to detect it, ensuring that the malicious code will not disrupt critical devices or functions.