SecurityTube

Malware Infects Two Power Plants Lacking Basic Security Controls

JB

During the past three months, unnamed malware infected two power plants' control systems using unprotected USB drives as an attack vector. At both companies, a lack of basic security controls made it much easier for the malicious code to reach critical networks.

In one instance, according to a recent report from the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), malware was discovered after a power generation plant employee asked IT staff to look into a malfunctioning USB drive he used to back up control systems configurations.

A scan with updated antivirus software turned up three instances of malware, two common and one considered sophisticated.