Worm Spreading Through Industry

it training

A worm and malware that was discovered to attack the industrial infrastructure has been recently found in the wild. The malicious malware, which has been designed to break into a Siemens industrial automation platform by using default passwords, has performed as many as nine thousand or more attempts to infect the system. Siemens is instructing their customers not to change their passwords as it may disrupt the entire system. If this occurs there is a possibility industrial systems could be thrown into chaos. A spokesman for Siemens, Michael Krampe, posted a message, “We will be putting forth customer assistance soon, but it will not contain advisories to alter default settings as that could have a great impact on manufacturing and plant operations.”

Siemens has plans to start a website that will give customers more information about the malware targeting itself against their supervisory control and data acquisition applications. The systems that have been attacked by this malware is used in a global capacity to manage various industrial machines that produces food, build products, manufactures chemicals, and operates power plants. The malware is spread through the use of USB flash drives, computers that allow file sharing through the network, CDs, and takes full advantage of an unpatched bug within Windows. The malware has the ability to search through the Siemens software and if not locating it replicates itself and continues. If the malware does find a Siemens system it utilizes the default passwords and starts searching for project files, copying them to a website external to the industrial organization.

At present, the malware seems to be searching for information. Security experts believe attacks such as this have the possibility to do greater damage. By committing information theft of the supervisory control and data acquisition, cyber criminals could discover the various manufacturing processes and procedures required to create a particular company's products. Customers have been calling Siemens in order to discover a way to defeat the malware. US–CERT has released an advisory entitled ICS–ALERT–10–196–01. As Siemens has stated changing the system's password would keep their critical and vital components from interacting with the system that manages it, disabling the whole password will basically disable the entire system.

Michael Krampe has noted edits can be made so computer systems will not display .LNK files utilized by the malware in order to spread itself from one system to the next. The disabling of the Windows Web Client service will also prevent the malware from spreading on a local area network. Michael Krampe said, “Siemens has started to make a solution, which can find and then systematically get rid of the malware.” At present it is not known when the fix would be available to eradicate the malware. Gerry Egan, one of the directors within Symantec Security Response, stated, “The entire Siemens system was created, thinking no one would gain access to the passwords. It was a thought no one will bring strong attempts against you.”

CISSP online training is designed to prepare professionals for certification and a career in information security. The protection of information and other critical data is very important in today's global climate. At any time, an enterprise or related organization can be attacked and breached, exposing their critical data to the world. K Alliance and their quality, online information security training course is available for all professionals to improve their insight and awareness in this area currently in demand.

About Us: Expert Training contains a large catalog of IT training video courses, business soft skills training, and enterprise learning solutions. These veriest training categories are designed to handle your specific training requirements and particular needs. IT certification training is a necessity as more businesses seek highly trained professionals who can quickly align with the vision of the organization in many different areas. Discover how Expert Training is your best location and resource for quality IT training products.