Topic: ICS-CERT: virus infections via USB at US power utilities (+ no backups existed)

Offline menotu

  • PCLinuxOS Tester
  • Super Villain
  • *******
  • Posts: 15322
  • ┌∩┐(◕_◕)┌∩┐
It beggars belief how some of these companies work (sic). It certainly appears no decent protocols are in place (or carried out).

======================
heise Security

In its current ICS-CERT Monitor, the US Computer Emergency Response Team (US-CERT) reports that two power utilities in the US suffered virus infections in the last quarter of 2012. In both cases, industrial control systems were infected via USB flash drives. The malware caused a power generation plant to be shut down for several weeks.

In the first incident, an employee who performed routine maintenance on control systems noticed that the USB drive he was using appeared to malfunction. When members of the IT department became involved and used another system with up-to-date anti-virus software to check the USB drive, the software apparently produced three positive hits. One of the finds was reported to be "linked to known sophisticated malware". The description fits the Stuxnet worm that had sabotaged industrial sites in Iran, including a power generation utility in Hormozgan province; however, the report doesn't specify the exact nature of the malware.

The afflicted power generation utility eventually notified the US-CERT's Industrial Control System-CERT (ICS-CERT), which also removed the malware from infected engineering workstations.

The ICS-CERT said that cleaning up the workstations required particular delicacy because no backups existed, and because a potential "failed cleanup would have significantly impaired their operations."

In the second incident, machines at a power generation utility were infected via the USB drive of a third-party technician who had reportedly been unaware of the malware. In this case, the ICS-CERT considers the disruption to the devices to have been caused by "crimeware". Several weeks passed before the power utility could return to service.

http://www.h-online.com/security/news/item/ICS-CERT-reports-virus-infections-at-US-power-utilities-1783152.html

and

Critical Infrastructure Malware Infections: From ICS-CERT report to SCADA Strangelove

https://www.networkworld.com/community/blog/critical-infrastructure-malware-infections-ics-cert-report-scada-strangelove
PCLinuxOS 32bit KDE 4.10.1; kernel-3.4.11-pclos1.bfs & 64bit 3.2.18bfs; NVidia GeForce 8400GS 1GB 310.19 driver

Sony Vaio SVE1513A4ESI Laptop, Intel Core i5, 2.6GHz, 6GB RAM, 750GB, 15.6" Intel HD Graphics 4000

Offline jaydot

  • Administrator
  • Super Villain
  • *****
  • Posts: 15569
  • there is no limitation on imagination
i used to be teased for having backups of backups of backups.  i didn't lose data.  these muppets are also, probably, using windows.
PCLinuxOS  Get it?  Got it?  Good!!   8)

We don't have any millionaire angels or corporate backers paying the bills here, PLEASE DONATE.
http://pclinuxos.com/?page_id=7

Offline Tony

  • Hero Member
  • *****
  • Posts: 1744
  • Reason_able ;)
Quote from jaydot: i used to be teased for having backups of backups of backups.  i didn't lose data.  these muppets are also, probably, using windows.
Exactly, plus what are they doing online? They should be on a closed network. Plus, why have they got USB inputs open?
*PCLOS 3.2.18-pclos2 - MiniMe 2013.x - KDE 4.10.1 - Intel(R) Pentium(R) 4 CPU 3.00GHz - 1GiB DIMM DDR 533 MHz RAM  = SHABANG ! ;) *Software Updates

Offline Just17

  • PCLinuxOS Tester
  • Super Villain
  • *******
  • Posts: 10696
  • MLUs Forever!
Sounds like the virus came back to hit at home   ::)
MLUs rule the roost!

Linux XPS 3.4.38-pclos1.bfs  64 bit
Intel Core2 Quad CPU Q9450 @ 2.66GHz
4 GB RAM
MCP51 High Def Audio
GeForce GTX 550 Ti
PHILIPS DVD+-RW DVD8701
Logitech BT Mini-Receiver
Afatech DTT