
Industrial control systems have become increasingly popular targets for cyber-attacks.

The computer systems of industrial companies are increasingly attractive targets for cybercrime, both for the financial gain they offer and for their potential for industrial espionage. A new piece of malware aimed at industrial systems has recently surfaced and has proven troubling. Cyber security experts at Kaspersky discovered the malware and tracked down over 3000 infected computers in 195 countries worldwide last year.

Because it closely resembles the Manuscrypt malware of the Lazarus group, a so-called “advanced persistent threat” (APT) actor, cyber security experts have named it “PseudoManuscrypt.” The malware targeted many companies involved with military technology, as well as government organizations.

PseudoManuscrypt is downloaded to target systems by fake software installers, including installers for pirated ICS-specific software. These fake installers may come from a malware-as-a-service (MaaS) platform.

In some cases PseudoManuscrypt is installed via the now-famous Glupteba botnet. The initial PseudoManuscrypt component then triggers the installation of other malicious modules.

So far, the Kaspersky team has identified two main variants of this module. Both can save passwords, grab keystrokes, capture data from the clipboard, connect through VPN software and RDP connections, and take screenshots. The attacks do not favor specific industries, but the number of engineering computers attacked, including 3D and physical modeling systems, suggests that industrial espionage may be one of the objectives.

Some of the victims of these new attacks are linked to previous Lazarus campaigns, since they are using a very rare protocol spotted in APT41 malware a while back. However, even though this group has been active for a long time, given the many victims and the absence of a specific target, the security team does not link the campaign to any known APT group.

The following defensive measures help protect against a PseudoManuscrypt attack:

  • Ensure that all endpoint protections are enabled on the systems and that a policy requires the administrator password if someone tries to disable the software.
  • Use security solutions that were specifically designed for production systems.
  • Administrators should check whether Active Directory policies limit which users can log on to systems.
  • Users should only be able to log in to the network services that are necessary for their job functions.
  • Consider using supervised detection and response services, which allow professionals to respond in real time.
  • Local and domain administrator privileges should be used only when necessary to complete maintenance tasks.
  • Train employees in the safe use of the Internet, email, and all other communication channels, with particular attention to explaining the consequences of downloading and running files from unknown or unauthorized sources.

Cyber-attacks on industrial control systems have been growing over the last several years, and the risk remains substantial. In addition, it is now recognized that cyber security is a shared responsibility across sectors such as government and industry. As a result, cyber-attacks on these control systems have widespread implications for safety, security, and critical infrastructure, including essential manufacturing processes.
