When the intended access is not a system shutdown, it is possible to exploit the malware and redirect the hacker to a secondary site. There are messages available that tell the attacker exactly what they should do. More often than not, the attacker follows the advice and takes a specific PLC chip out of commission.
On Feb. 5, 2019, an attack on a factory is suspected to have taken place. More precisely, it is suspected to have taken place between Tuesday, Jan. 17 and Wednesday, Jan. 18, 2019. The attacker did not initially take action; only seven days later did the attack leave the factory without power.
For operation and maintenance purposes, a scan was performed by the factory inspection services on Jan. 17, 2019. The scan detected several vulnerabilities in the factory, including a vulnerability in the firmware of the PLC. In response to this, the factory passed the results to the water company on July 10, 2019, and these data were later passed on to the control system manufacturer. A subsequent risk assessment by the manufacturer of the control system indicated that there was a threat to human health and safety. As factory owner, the water company started to realize that the attack was significant.
On Aug. 9, the water company informed the factory owner and the control system manufacturer of the incident. They agreed to assess the firmware vulnerabilities further in the ERP (Enterprise Resource Planning) system and to make a firmware upgrade to the affected PLC chips. From August 17 to 21, the control system manufacturer, LGC Laser Products, Inc., did so. The manufacturer detected that the firmware of two PLCs and one Remote ICS contained five vulnerabilities. It then installed a special firmware update on the PLCs, and this update successfully corrected all the firmware vulnerabilities. LGC was also able to secure the Remote ICS on a local network.
While the attack did not involve any malware, it is interesting that this error revealed well-hidden vulnerabilities. After the need to update, the control system manufacturer realized that the firmware update process had failed.