Irongate malware: What are the risks to industrial control systems?

The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS and SCADA systems.

FireEye recently discovered a new type of malware called Irongate, which has exhibited some of the same characteristics as Stuxnet in targeted attacks on industrial control systems. What are the Stuxnet traits exhibited by the Irongate malware, and what are the risks to enterprises?

All pieces of malware have some similarities with Stuxnet. Stuxnet was designed to target very specific supervisory control and data acquisition (SCADA) systems in Iran for very specific reasons. It was a sophisticated piece of malware when it came out, but it shared much of its basic functionality with other malware, including an initial infection method and a dropper. FireEye discovered Irongate while searching VirusTotal, a free malware scanner, for files that use PyInstaller. The Irongate developers have advanced their malware's anti-analysis functionality compared with Stuxnet, which only checks for antivirus software. Because Irongate was identified through secondary analysis of VirusTotal data rather than by investigating compromised systems, it is difficult to establish the full extent of the malware's functionality and of the attack. It is, however, a good example of making use of a community data repository.

Like Stuxnet, Irongate attacks ICSs: it looks for a specific process to infect and replaces dynamic link libraries (DLLs) to manipulate that process. Enterprises with ICS or SCADA systems need to continue to maintain the security of their environments and implement new security controls after performing risk assessments. As FireEye stated, the risk to enterprises is minimal, because Irongate appears to be proof-of-concept malware that doesn't perform malicious actions. Enterprises with Siemens control systems should contact Siemens to find out whether their systems are vulnerable to Irongate, because neither FireEye nor Siemens has publicly listed which systems were vulnerable.

FireEye has two recommendations that are common in more mature software development environments: use code signing for the software in use, and include sanity checking of I/O data. FireEye also released indicators of compromise that an enterprise could check its ICS or SCADA systems against to see whether it had been compromised, but it may be more important to ensure that your enterprise has the capability to check its ICS or SCADA systems for such indicators at all than to perform a one-off search for Irongate.
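As an added illustration of the two recommendations above (verifying the integrity of the modules a process loads, as code signing does, and sanity checking the I/O data a process reports), here is example code that is not from FireEye, Siemens or the original article. The module bytes, the sensor readings and the plausibility limits are all constructed for the example; a real deployment would take the expected digest from a signed manifest and the limits from the process engineering envelope.

```python
import hashlib
import hmac

# --- 1. Integrity check on a loaded module (stand-in for code-signing verification) ---
# Constructed bytes standing in for a DLL the process loads; not a real ICS binary.
CONSTRUCTED_DLL = b"MZ\x90\x00 constructed stand-in for plc_driver.dll v1"

def module_digest(data: bytes) -> str:
    """SHA-256 hex digest of a module image; a signed manifest would carry this value."""
    return hashlib.sha256(data).hexdigest()

def verify_module(data: bytes, expected_hex: str) -> bool:
    """True only if the on-disk module matches the digest recorded at commissioning."""
    return hmac.compare_digest(module_digest(data), expected_hex)

# Digest recorded at commissioning time (constructed here from the sample bytes).
COMMISSIONED_DIGEST = module_digest(CONSTRUCTED_DLL)

# --- 2. Sanity checks on I/O data reported to the HMI ---
def sanity_check_io(readings, lo, hi, max_step, flat_window):
    """Return (index, reason) pairs for readings that are out of range, jump
    implausibly between consecutive samples, or stay frozen for flat_window samples."""
    anomalies = []
    for i, value in enumerate(readings):
        if not lo <= value <= hi:
            anomalies.append((i, "out_of_range"))
        if i > 0 and abs(value - readings[i - 1]) > max_step:
            anomalies.append((i, "implausible_jump"))
        window = readings[max(0, i + 1 - flat_window):i + 1]
        if len(window) == flat_window and len(set(window)) == 1:
            anomalies.append((i, "frozen_value"))
    return anomalies

# Constructed sensor streams (e.g. a temperature in degrees C): one plausible, one that
# sits frozen at exactly 50.0 and then swings far outside the process envelope.
NORMAL_READINGS = [50.0, 50.4, 51.1, 50.8, 49.9, 50.2]
SUSPECT_READINGS = [50.0, 50.0, 50.0, 50.0, 50.0, 120.0, 30.0]
LIMITS = dict(lo=0.0, hi=100.0, max_step=10.0, flat_window=5)

if __name__ == "__main__":
    tampered = CONSTRUCTED_DLL + b"\x00patched"
    print("module intact:", verify_module(CONSTRUCTED_DLL, COMMISSIONED_DIGEST))
    print("tampered module intact:", verify_module(tampered, COMMISSIONED_DIGEST))
    print("normal:", sanity_check_io(NORMAL_READINGS, **LIMITS))
    print("suspect:", sanity_check_io(SUSPECT_READINGS, **LIMITS))
```

The frozen-value check matters because an in-range, unchanging reading passes simple bounds checks while telling the operator nothing about the real process state.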

This was last published in October 2016
