Viruses, including W32.Ramnit and Conficker, were found in a German nuclear power plant computer system. Mikko Hypponen, chief research officer for F-Secure, stated that these types of malware infections usually were not of major concern, citing a similar situation with Android phone malware being passed on to plane cockpit computers through connections to USB ports. But what hazards could these types of malware infections pose? Can Android malware infections, for example, have adverse effects on other types of systems or devices? And if so, what steps should organizations take to prevent these possible outcomes?
The Conficker malware will continue to stay in the news for the next decade, and other malware and network worms with long lifetimes will continue to be detected targeting devices for the foreseeable future. This is more because of the sad state of information security than because Conficker is sophisticated malware. Conficker malware showing up in a power plant or malware in an industrial control system (ICS), such as an airplane's internal systems, isn't surprising, Hypponen stated.
The impact of older malware on systems may be less than when it was first released, since the command-and-control system might no longer be in operation, targeted dates may have passed or targeted data might not be present. The intended target of the Conficker malware is unlikely to be an ICS or supervisory control and data acquisition (SCADA) system. While the risk of data loss or financial fraud is lower, a malware infection could still have unintended consequences. Malware could cause the system to become unstable, crash or prevent the system from running its mission-critical software. Even if the infected ICS isn't impacted, it could infect other systems or devices that come in contact with the ICS and potentially cause them problems.
Enterprises could prevent infections by older viruses like the Conficker malware by running antimalware tools, but they will need to plan for how the tool gets updated definitions, since the system might not have internet access. Locking the system down with a whitelisting tool to prevent unapproved files from executing, and using a host-based firewall that only allows specific executables to access certain systems, can also help prevent these types of malware. ICS and SCADA systems may have some advantages over general-purpose systems, because they can have all their unneeded functionality removed or disabled so it can't be exploited.
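The whitelisting idea above can be illustrated with a default-deny audit of executable files against a known-good baseline. This is an added example, not code from the article or from any whitelisting product; it reports violations rather than blocking execution, and the file suffix list, directory layout and file names are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: which file types count as executable content on the audited host.
EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".bat", ".ps1"}

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_allowlist(root):
    """Record the approved state (relative path -> SHA-256) from a known-good image."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES}

def audit(root, allowlist):
    """Default-deny audit: return (unapproved, modified, missing) relative paths."""
    current = build_allowlist(root)
    unapproved = sorted(set(current) - set(allowlist))
    missing = sorted(set(allowlist) - set(current))
    modified = sorted(p for p in current
                      if p in allowlist and current[p] != allowlist[p])
    return unapproved, modified, missing

def demo():
    # Constructed sample tree standing in for a control workstation's program directory.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "hmi").mkdir()
        (root / "hmi" / "viewer.exe").write_bytes(b"approved viewer build")
        (root / "hmi" / "driver.dll").write_bytes(b"approved driver build")
        baseline = build_allowlist(root)
        # Constructed post-infection state: one new binary, one altered binary.
        (root / "autorun_copy.dll").write_bytes(b"unknown binary")
        (root / "hmi" / "driver.dll").write_bytes(b"altered driver")
        return audit(root, baseline)

if __name__ == "__main__":
    unapproved, modified, missing = demo()
    print("unapproved:", unapproved)
    print("modified:  ", modified)
    print("missing:   ", missing)
```

On an isolated system the baseline would be built from the approved image and stored off the host, so that an infection cannot rewrite the list it is checked against.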