Industrial control system password cracker may be bad, actually | SC Media

2022-07-31 00:02:10 By : Mr. Michael Fu

A warning for people in the industrial control system space: It's entirely possible that the random account on Twitter offering to circumvent your security systems may not have your best interests at heart.

Password retrieval utilities being marketed over social media for programmable logic controllers (PLCs) and human-machine interfaces (HMIs) may be installing malware.

Dragos is reporting that one such group, which offers password cracking for PLCs and HMIs from 15 vendors, is using the password recovery software to install the Sality botnet. Sality is used for distributed criminal tasks, including cryptomining.

The recovery tool is marketed as a password cracker, a term that traditionally refers to tools that recover passwords from hashes, but in Dragos' test of the Automation Direct DirectLogic 06 PLC version of the tool, it instead uses vulnerabilities to breach the machine. It does, in fact, recover the password in the process of roping systems into the Sality network. Dragos has not named the vendor of the specific tool it examined, but notes that the password-cracking ecosystem is full of shady players. Dragos only tested the DirectLogic tool.

"If an engineer needs to recover a lost password, contact Dragos or the respective vendor for instructions and guidance. As the adage goes, if it’s too good to be true, then it probably is," wrote Dragos' Sam Hanson in the blog post.

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

