The Ukrainian Secret Service (SBU) said today it stopped a cyber-attack with the VPNFilter malware on a chlorine distillation plant in the village of Aulska, in the Dnipropetrovsk region.
Commenting on the news are the following security professionals:
Consumer routers show up in very unexpected places at times but critical infrastructure is certainly the last place I’d expect to find them. Due to the lack of details provided by Ukranian Secret Service, it is not possible to know which devices may have been compromised with VPNFilter malware and what they were being used for in this plant. It is possible that the infected systems were routers in the homes of employees who remotely access the facility or that the plant may have had some affected network storage devices.
Another big question is when this attack took place and whether this means that VPNFilter has already evolved since the recent FBI shutdown of the botnet’s command and control system. It is possible that VPNFilter has been revived with a more robust operation targeting a wider range of devices including more enterprise-centric devices.
Tim Erlin, VP of Product Management & Strategy at Tripwire:
If your business has an industrial control system footprint now is the time to evaluate how you’re securing that environment. Industrial companies have accepted the reality that digital threats can have tangible consequences. This perception is perhaps heightened by recent attacks that were specifically designed to affect physical operations and have proven capable of doing so. It is vital that organizations properly secure their critical infrastructure by investing in robust cybersecurity strategies that involve proper foundations of critical security controls and layers of defense. Failure to do so will result in a major breach that will cause catastrophic failure, which is a significant concern (link to survey) among security professionals as a critical disaster could result in significant loss of life.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.