Hard News Hard Hitting News Source Global Political News

Cyber Security

Researchers Uncover a New Sophisticated Malware Attacking Air-Gapped ICS Systems

Industrial control systems (ICS) security teams are contending with a worm that crosses into air-gapped systems and defeats the isolation those systems rely on.

A China-linked nation-state actor is suspected of a series of attacks on Eastern European industrial organisations last year that targeted air-gapped systems for data theft.

Cybersecurity researchers at Kaspersky ICS-CERT recently described novel second-stage malware built to exfiltrate data from air-gapped networks, used against ICS and critical infrastructure in Eastern Europe.

New Malware Evading Air-Gapped Data Security

The second stage is an advanced toolkit that lets the threat actors:

  • Extract data from air-gapped systems
  • Deploy third-stage tools
  • Transmit the harvested data

The researchers also identified two implants used to extract data:

  • A sophisticated modular malware: it profiles removable drives, infects them with the worm, and exfiltrates data from air-gapped Eastern European industrial networks.
  • A data stealer: it collects data from the local computer and sends it to Dropbox through next-stage implants.

Once a target system has been compromised, the attackers deploy these implants as the second stage of the attack.

Tasks Performed by the Modules

The air-gapped exfiltration malware infects removable drives with three separate modules, each responsible for a different task.

The tasks carried out by the modules are:

  • Profiling removable drives
  • Handling removable drives
  • Capturing screenshots
  • Planting second-step malware on newly connected drives

The Kaspersky researchers also found the threat actors evading detection by hiding encrypted payloads in separate binary data files and by using DLL hijacking and memory injection.
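The removable-drive modules and the evasion techniques above suggest what a triage pass over a suspect USB drive should look for: a DLL staged beside an executable (the DLL hijacking / sideloading layout), hidden executables, and an encrypted payload parked in a separate "data" file that is not a normal compressed container. The following Python is an added example, not code from the Kaspersky report or from this article; its rule names, entropy cutoff, file names and the constructed drive listing are all assumptions made for illustration and are not indicators from the report.

```python
"""
Heuristic triage of a removable-drive file listing for USB staging.
Added example: thresholds, rule names and the sample listing are assumed
for illustration and are not indicators from the Kaspersky report.
"""
import hashlib
import math
import posixpath
from collections import Counter, defaultdict
from dataclasses import dataclass

ENTROPY_THRESHOLD = 7.2   # bits/byte; encrypted or compressed data sits near 8.0 (assumed cutoff)
MIN_BLOB_SIZE = 1024      # skip tiny files, where the entropy estimate is noisy (assumed cutoff)
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".sys"}
# Magic bytes of legitimate containers that are expected to be high-entropy
# (zip/OOXML, PDF, JPEG, PNG, RAR, 7z, gzip); these are skipped by rule 3.
CONTAINER_MAGIC = (b"PK\x03\x04", b"%PDF", b"\xff\xd8\xff", b"\x89PNG",
                   b"Rar!", b"7z\xbc\xaf", b"\x1f\x8b")


@dataclass
class DriveFile:
    path: str             # path relative to the drive root, '/' separated
    hidden: bool = False  # FAT/NTFS hidden attribute as reported by the caller
    data: bytes = b""     # file contents, used only for magic and entropy checks


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_drive(files):
    """Return a list of (rule, path, detail) findings for the drive listing."""
    findings = []
    by_dir = defaultdict(list)
    for f in files:
        by_dir[posixpath.dirname(f.path)].append(f)

    # Rule 1: a DLL beside an EXE on removable media is the DLL hijacking /
    # sideloading layout: the EXE (often legitimate and signed) resolves the
    # DLL from its own directory before the system directories.
    for entries in by_dir.values():
        exes = [f.path for f in entries if f.path.lower().endswith(".exe")]
        for f in entries:
            if exes and f.path.lower().endswith(".dll"):
                findings.append(("dll_beside_exe", f.path,
                                 "candidate loaders: " + ", ".join(exes)))

    for f in files:
        ext = posixpath.splitext(f.path)[1].lower()
        # Rule 2: executables carrying the hidden attribute; ordinary users
        # do not ship hidden EXEs or DLLs on a USB stick.
        if ext in EXEC_EXT and f.hidden:
            findings.append(("hidden_executable", f.path, "hidden attribute set"))
        # Rule 3: a non-executable file whose contents look encrypted and
        # that is not a known compressed container (docx, pdf, jpg ...).
        if (ext not in EXEC_EXT and len(f.data) >= MIN_BLOB_SIZE
                and not f.data.startswith(CONTAINER_MAGIC)):
            ent = shannon_entropy(f.data)
            if ent >= ENTROPY_THRESHOLD:
                findings.append(("high_entropy_blob", f.path,
                                 f"entropy {ent:.2f} bits/byte"))
    return findings


def _pseudo_random(n: int, seed: bytes = b"constructed sample") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for ciphertext."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed listing of a USB drive: benign documents plus a hidden tools
# directory laid out the way a sideloading stager would be. Not real data.
SAMPLE_DRIVE = [
    DriveFile("Reports/q3_summary.txt", data=b"Quarterly production figures, line 1\r\n" * 40),
    DriveFile("Reports/q3_summary.docx", data=b"PK\x03\x04" + _pseudo_random(4096)),
    DriveFile("System Volume Information/tracking.log", hidden=True, data=b"ok\r\n" * 300),
    DriveFile("Utilities/viewer.exe", hidden=True, data=b"MZ" + _pseudo_random(2048)),
    DriveFile("Utilities/helper.dll", hidden=True, data=b"MZ" + _pseudo_random(2048)),
    DriveFile("Utilities/settings.dat", hidden=True, data=_pseudo_random(8192)),
]


if __name__ == "__main__":
    for rule, path, detail in triage_drive(SAMPLE_DRIVE):
        print(f"{rule:20} {path:45} {detail}")
```

On the constructed listing the benign `.docx` is high-entropy but is skipped because it carries the zip magic, the hidden `tracking.log` is ignored because its contents are low-entropy text, and only the hidden tools directory is flagged. The magic-byte allowlist is the important caveat: without it every office document and image on the drive would trip the entropy rule, and in practice file-type identification should be done on content, as here, rather than on extension.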

Recommendations

The security experts offer the following recommendations:

  • Perform regular security assessments of OT systems to find and resolve cybersecurity issues.
  • Run a continuous vulnerability assessment and triage process for effective vulnerability management.
  • Use robust security solutions that provide unique, actionable information.
  • Apply timely updates and security fixes to OT network components to prevent major incidents.
  • Deploy robust EDR solutions for threat detection and remediation.
  • Maintain incident prevention, detection, and response skills through OT security training.

Source: https://cybersecuritynews.com/air-gapped-ics-systems/

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO