Viruses, including W32.Ramnit and Conficker, were found in a German nuclear power plant computer system. Mikko...
Hypponen, chief research officer for F-Secure, stated that these types of malware infections usually were not of major concern, citing a similar situation with Android phone malware being passed on to plane cockpit computers through connections to USB ports. But what hazards could these types of malware infections pose? Can Android malware infections, for example, have adverse effects on other types of systems or devices? And if so, what steps should organizations take to prevent these possible outcomes?
The Conficker malware will continue to stay in the news for the next decade, and other malware and network worms with long lifetimes will continue to be detected targeting devices for the foreseeable future. This is more because of the sad state of information security than Conficker being sophisticated malware. Conficker malware showing up in a power plant or malware in an industrial control system (ICS), such as an airplane's internal systems, isn't surprising Hypponen stated.
The impact from older malware on systems may be less than when it was first released, since the command-and-control system might not still be in operation, targeted dates may have passed or targeted data might not be present. The intended target of the Conficker malware is unlikely to be an ICS or supervisory control and data acquisition (SCADA) system. While the risk for data loss or financial fraud is less, there could be unintended consequences for a malware infection. Malware could cause the system to become unstable, crash or prevent the system from running the mission critical software. Even if the infected ICS isn't impacted, it could infect other systems or devices that come in contact with the ICS and potentially cause them problems.
Enterprises could prevent older viruses like the Conficker malware by running antimalware tools, but will need to plan for how the tool gets updated definitions, since it might not have internet access. Locking the system down with a whitelisting tool to prevent unapproved files from executing, and using a host-based firewall that only allows specific executables to access certain systems can also help prevent these types of malware. ICS and SCADA systems may have some advantages over general purpose systems, because they can have all their unneeded functionality removed or disabled so they can't be exploited.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out if more industrial control systems are likely to suffer cyberattacks
Learn about the U.K. institute working on better ICS cyberdefenses
Discover if U.S. utility companies are at risk for BlackEnergy malware attacks
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.