Claroty research unveils new attack that targets PLCs
Claroty has released research detailing a new type of cyber-attack, one that weaponises programmable logic controllers (PLCs) in order to exploit engineering workstations and further invade OT and enterprise networks.
The research notes that PLCs in industrial networks are becoming critical attack targets, with more exploits being identified every day. These robust computers are used to control a machine, a small automation process, or even an entire production line, making them an attractive target for threat actors.
The new attack is said to predominantly target engineers working on industrial networks, who configure and troubleshoot PLCs across critical industries. This includes utilities and industries such as electricity, water and wastewater, heavy industry, manufacturing, and automotive.
Some of the affected vendors that were highlighted in the report include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.
“Programmable logic controllers (PLCs) are indispensable industrial devices that control manufacturing processes in every critical infrastructure sector,” the report states.
“Because of their position within automation, threat actors covet access to PLCs; several industrial control system malware strains, from Stuxnet to Incontroller/Pipedream, have targeted PLCs.”
The report notes that a PLC's architecture is designed only to control, support, maintain, and monitor an automation process. It says that all parts should work together to achieve the goal of executing the code logic the engineer developed and deployed to the PLC.
Claroty says that the quickest approach to luring an engineer to connect to an infected PLC would be for the attacker to cause a malfunction or fault on the PLC, tricking the engineer into exposing the network.
They say that this will “compel the engineer to connect using the engineering workstation software as a troubleshooting tool.”
The company also tried to execute the new attack vector against multiple leading ICS platforms and found that there were a variety of vulnerabilities that could allow the weaponisation of a PLC.
As a result, Claroty helped further lock down the integrity of data uploads and downloads used by engineers to ensure the safety of processes across numerous critical industries.
In response, most vendors issued fixes, patches, or mitigation plans against the PLC attack. As such remedies are never watertight, Claroty has suggested that those affected practice network segmentation and hygiene while also using client authentication and better PKI.
They also recommend researching and being aware of any updates or notifications of threats that may occur.