U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Malware experts at ESET released a free tool for ICS Malware analysis

Security experts from ESET that spotted the Industroyer malware used against Ukraine’s power grid released a free tool for ICS Malware analysis ESET researchers Robert Lipovsky and Anton Cherepanov have released a free tool for the analysis of ICS malware. The security duo is the same that discovered the CrashOverride/Industroyer malware that targeted the Ukraine’s power […]

Nova Scotia Power

Security experts from ESET that spotted the Industroyer malware used against Ukraine’s power grid released a free tool for ICS Malware analysis

ESET researchers Robert Lipovsky and Anton Cherepanov have released a free tool for the analysis of ICS malware.

The security duo is the same that discovered the CrashOverride/Industroyer malware that targeted the Ukraine’s power grid,
CrashOverride/Industroyer is the fourth publicly known piece of malware, a detailed description of remaining threats was available in my article “Which Malware are Specifically Designed to Target ISC Systems?.
Industroyer ICS malware
The development of the tool was inspired by their investigation, the expert analyzed the ICS malware involved in the attack against Ukraine’s power grid in 2016 that caused a huge power outage in the city of Kiev and neighboring regions.

The researchers developed an IDAPython script for IDA Pro that could be used by malware researchers and cyber security experts to reverse-engineer binaries that employ the OPC Data Access industrial communications protocol.

“An IDAPython script for IDA Pro that helps reverse engineer binaries that are using the OPC Data Access protocol.” reads the description published on GitHub.

“It can be used to analyse such malware families as Havex RAT and Win32/Industroyer.

The script identifies CLSID, IID, and LIBID constants and creates structures and enumerations. Afterwards, these structures can be used to annotate COM method call parameters.”

Havex is a general purpose Remote Access Trojan (RAT) discovered in June 2015 when malware researchers at F-Secure spotted a cyber espionage campaign based on the Havex malware targeting ICS/SCADA systems and vendors.

The Havex malware has been used in several targeted attacks in the previous months; threat actors used it against different industry sectors.

“If there are other future malware [families] like Industroyer or Havex, [investigators] will have an easier time” finding and analyzing them, Lipovsky says.

“This tool helps you understand what the threat was designed to do,” he says. Detection is important, he says, “but if you want to understand what the attackers are up to, you need to dig in deeply.”

The availability of such kind of open-source tools allows experts to rapidly analyze ICS malware and implement automate defense systems.

Lipovsky and Cherepanov highlighted the importance for ICS/SCADA operators of early detection of the threats.

“A lot of people are downplaying these sorts of things as ‘not an attack.’ Spying is an attack,” said the expert. “These things are detectable.”

Lipovsky announced the tool during a session at the Black Hat hacking conference.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  (ICS malware, power outage)

[adrotate banner=”13″]