‘Swiss Army Knife’ of malware discovered

April 15 – Known as “Pipedream,” this newly uncovered piece of code can crack industrial control systems, such as those within power grids, factories, water utilities and oil refineries. The US government warns that this piece of code can harm not just one industry – but all of them. Critical infrastructure owners worldwide should take note.

“It’s no surprise that malware and toolkits like these continue to increase in complexity and widen their targets. All verticals, especially the critical infrastructure space, need to double down on a prevention strategy,” says Mark Ostrowski, Head of Security Engineering, US East, for Check Point Software.

Experts have dubbed this tool the most formidable malware targeting industrial control systems that anyone has ever documented. “It’s like a Swiss Army knife with a huge number of pieces to it.”

The Swiss Army knife of malware

The Pipedream malware toolkit represents a rare addition to the small group of malware specimens capable of disrupting industrial control system (ICS) software.

The malware can hijack target devices, disrupt or block operators’ access to those devices, unlock access into specific areas of an industrial control system network, and enable lateral movement into new areas of a given system.

Thus far, the malware does not appear to have been used against a victim – or at least it has not yet triggered disruption within any industrial control system’s infrastructure.

Pipedream malware capabilities

Surpassing the sophistication of any previous industrial control system hacking toolkit, the Pipedream malware includes a variety of components designed to compromise device functionality, including programmable logic controllers (PLCs) sold by Schneider Electric and OMRON. These PLCs are commonly set up as interfaces between traditional computers and the actuators and sensors prevalent within industrial environments.

Another unique facet of the malware consists of its ability to target Open Platform Communications Unified Architecture (OPC UA) servers, which communicate with controllers.

Public and private partnerships

Public and private partnerships are integral in countering any cyber threats, but especially those targeting a wide array of major systems. Since the discovery of the Pipedream malware, the US government and cyber security firms have collaboratively “identified and developed protective measures to defend against” the attack toolkit.

Closing thoughts

The versatile Pipedream malware brings unprecedented attention to the cyber security risks facing operational technology (OT) and industrial control systems. Traditionally, attacks on OT and ICS environments have remained out of reach for most hackers, as such attacks require specialized skills. However, it appears as though this is changing and could change further still.

The breadth of functionality associated with the malware makes the tool particularly troubling. It represents a clear and present danger to the safe, continuous functionality of industrial control systems.

For information about securing industrial control systems, see CyberTalk.org’s past coverage.