US Agencies Warn Against New Hacking Tool That Affects ICS/SCADA Devices
Four federal agencies have warned organizations about a new tool that could allow hackers to penetrate devices used in industrial control systems.
According to the joint warning, an unnamed advanced persistent threat actor designed the tool, dubbed “PIPEDREAM,” which can give actors full system access to industrial control system/supervisory control and data acquisition (ICS/SCADA) devices. The devices include programmable logic controllers from Schneider Electric and Omron and Open Platform Communications Unified Architecture (OPC UA) servers.
Critical infrastructure owners, especially those operating in the energy sector, are urged to look out for the usage of the tool.
The agencies said the tool has a modular architecture that allows cyber actors to conduct automated exploits. It also has a virtual console with a command interface that replicates target ICS/SCADA devices, which allows even lower-skilled hackers to carry out sophisticated attacks.
According to the agencies, the tool allows hackers to scan for, compromise and control affected devices once they establish initial access to the operational technology network. Actors can also affect Windows-based workstations.
The tool can also elevate privileges for hackers, allow infiltrators to move laterally within an OT environment and disrupt devices or functions.
The agencies recommend that organizations with ICS/SCADA devices use stronger perimeter controls for their devices and limit incoming or outgoing communications.
Other recommendations include the usage of multi-factor authentication, constant password changes and the execution of integrity checks on firmware and controller configuration files.
Tags: advanced persistent threat, advisory, cybersecurity, Cybersecurity and Infrastructure Security Agency, Department of Energy, FBI, FCW, industrial control system/supervisory control and data acquisition devices, National Security Agency