Home US warns of critical infrastructure concerns

US warns of critical infrastructure concerns

April 14— On Wednesday, multiple US government agencies published a joint alert pertaining to the discovery of malicious cyber tools crafted by unspecified cyber threat actors. The tools are allegedly capable of granting hackers “full system access” to several American industrial control systems.

What we know

Alerts from the Energy and Homeland Security departments, the FBI, and the NSA offered few details on the findings. However, private sector security firms implicated nation-state threat actors as those behind the tools. Experts have also stated that the tools appear to have been expressly designed to target North American energy firms.

Cyber security researchers called the tools “exceptionally rare and dangerous.” In this case, the US is believed to be one step ahead of the adversary, foiling the plans before an attack was launched.

US on high alert

The US government has alerted critical infrastructure industries to the possibility of grid attacks by nation-state threat actors. Officials have expressed that nation-state actor interest in the energy sector is particularly high. CISA urged energy sector operators to be mindful of the mitigation recommendations included in the latest alert.

Scanning for vulnerabilities

In March, the FBI announced that nation-state backed threat actors had scanned at least five different energy grid network systems in search of vulnerabilities. Researchers say that the newly discovered malware could be used to shut down critical machinery, “sabotage industrial processes” and “disable safety controllers,” which could, in turn, lead to physical destruction, including loss of human lives.

Pipedream malware

The newly discovered malware has been assigned the name “Pipedream” and represents the seventh such malware recently identified and associated with possible attacks on industrial control systems.

Further information

For more on this story, please visit The Guardian. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.