Dive Brief:
- Officials at the Department of Homeland Security are sounding the alarm about a pair of malware threats potentially aimed at energy control systems, reports E&E Publishing.
- Attacks on the control systems of critical energy industries are rare, but security experts say DHS officials are hosting a pair of secret briefings to address security concerns, focusing on malware named Havex and BlackEnergy.
- DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued alerts on both threats, most recently for BlackEnergy, where it noted that various vendors have been targeted in the malware campaign, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC.
Dive Insight:
E&E reports on Homeland Security's malware meetings, noting that attacks on control systems in the energy space are fairly rare. The Havex malware is an older threat thought to be dormant, but the BlackEnergy malware is newer.
ICS-CERT said it has not identified any attempts to damage, modify, or otherwise disrupt the victim systems’ control processes. "However, typical malware deployments have included modules that search out any network-connected file shares and removable media for additional lateral movement within the affected environment," the warning said. "The malware is highly modular and not all functionality is deployed to all victims."
ICS-CERT has issued two alerts for the BlackEnergy malware, the second after a strain was recently analyzed again. In both cases, electric utilities were alerted before the public, E&E reported.