This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.bbc.co.uk/news/technology-21042378
The article has changed 2 times. There is an RSS feed of changes available.
Previous version
1
Next version
| Version 0 | Version 1 |
|---|---|
| US plants hit by USB stick malware attack | US plants hit by USB stick malware attack |
| (about 20 hours later) | |
| Two power plants in the US were affected by malware attacks in 2012, a security authority has said. | Two power plants in the US were affected by malware attacks in 2012, a security authority has said. |
| In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place. | In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said "common and sophisticated" attacks had taken place. |
| Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said. | Malware had infected each plant's system after being inadvertently brought in on a USB stick, it said. |
| The ICS-CERT said it expected a rise in the number of similar attacks. | The ICS-CERT said it expected a rise in the number of similar attacks. |
| Malware can typically be used by cyber-attackers to gain remote access to systems, or to steal data. | |
| In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation. | In the newsletter, authorities said: "The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation. |
| "The employee routinely used this USB drive for backing up control systems configurations within the control environment." | "The employee routinely used this USB drive for backing up control systems configurations within the control environment." |
| And at a separate facility, more malware was found. | And at a separate facility, more malware was found. |
| "A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said. | "A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades," the report said. |
| "Unknown to the technician, the USB-drive was infected with crimeware. | "Unknown to the technician, the USB-drive was infected with crimeware. |
| "The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks." | "The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks." |
| Physical effects | Physical effects |
| The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened. | The authority did not go into explicit details regarding the malware itself, but did stress that the use of removable media had to be reviewed and tightened. |
| "Such practices will mitigate many issues that could lead to extended system downtime," it said. | "Such practices will mitigate many issues that could lead to extended system downtime," it said. |
| "Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events." | "Defence-in-depth strategies are also essential in planning control system networks and in providing protections to reduce the risk of impacts from cyber-events." |
| In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure. | In recent years, power plants have been the target of increasingly destructive malware and viruses - a bridge between damage in a digital sense, such as data loss of theft, and actual physical infrastructure. |
| In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure. | In 2010, the Stuxnet virus was said to have damaged critical parts of Iran's nuclear infrastructure. |
| Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets. | Security firm Symantec research said it believed Stuxnet had been designed to hit motors controlling centrifuges and thus disrupt the creation of uranium fuel pellets. |
| A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme. | A UN weapons inspector later said he believed the attack had set back Iran's nuclear programme. |
| No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US. | No country has claimed responsibility for the attack, but a New York Times report last year, written by the author of a book on the attacks, pointed the finger at the US. |
| Journalist David E Sanger wrote that the US had acted with the co-operation of Israel. | Journalist David E Sanger wrote that the US had acted with the co-operation of Israel. |
Previous version
1
Next version