ICS-CERT has issued an alert for BrickerBot, malware that exploits hard-coded passwords in IoT devices to cause a permanent denial of service. These attacks could pose a serious threat to Industrial Control Systems in critical infrastructure. Edgard Capdevielle, CEO at Nozomi Networks, commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“BrickerBot is obviously a threat to OT systems. Should Industrial Control Systems (ICS) components suddenly fail without warning, the effects could be significant. Industrial automation systems could experience abnormal behavior or even outages. In addition, identifying issues, fixing them, and getting systems back up and running could be lengthy and expensive. Operators should implement the mitigations recommended by ICS-CERT, which include verifying that their control systems are deployed securely and that no devices have an Internet accessible configuration. In addition, as the U.S. Department of Homeland Security recommends, they should use network behavioral analysis to detect anomalies in traffic and take appropriate action. Fortunately, network behavioral analysis that is safe for ICS is now readily available thanks to a new generation of technology. Using advances in computer science, such as Machine Learning and Artificial Intelligence, such solutions build an internal representation of an industrial network and its physical processes. Baselines are established and communication or process behavior that deviates from them is instantly detected and presented in consolidated, context-aware alerts. Having this operational visibility provides immediate insights for faster troubleshooting and remediation of cybersecurity and process issues. It makes it easier for engineers and plant operators to identify affected devices and apply compensating controls before industrial processes are impacted.”