Brittany Hillen, Jan 16th 2013
According to the Homeland Security Department, multiple power plants in the United States were affected by malware at the beginning of October 2012. While details are relatively scarce, it was revealed that one of the power plants had been infected via a USB flash drive. The infection happened during a software update.
The power plant infected by the USB drive ended up staying offline for three weeks while the issue was fixed. The malware, an identity theft trojan, had been introduced via the USB drive of an outside technician who was performing software updates. It managed to infect approximately 10 computers.
A second power plant that was also infected had malware on multiple computers, some of which were involved with the plant’s operations. Unlike the other plant, no information was provided on how this malware made its way onto the workstations. The first power plant did not have properly updated antivirus software.
The Industrial Control Systems Cyber Emergency Response Team said this in a report: “ICS-CERT’s onsite discussions with company personnel revealed a handful of machines that likely had contact with the tainted USB drive. These machines were examined immediately and drive images were taken for in-depth analysis. ICS-CERT also…discovered signs of the sophisticated malware on two engineering workstations, both critical to the operation of the control environment.”