A dangerous open-platform communication (OPC) scanner that could be used to launch cyber attacks against critical infrastructure areas has been discovered in a variant of the Havex malware.
The scanner was uncovered by researchers at FireEye while investigating a variant of Havex commonly referred to as "Fertger" or "Peacepipe".
Kyle Wilhoit, threat intelligence analyst at FireEye, said the scanner is dangerous because it could be used by hackers to target the supervisory control and data acquisition (SCADA) systems used in many critical infrastructure areas, including water and power plants.
"If an attacker wanted to attack an OPC server, they would need and want details of the OPC servers they were targeting. Having the OPC scan data gives the attacker enough information to start possible next phases of attack against a SCADA environment," he said.
"Possible attacks could include taking down a physical system that is controlling a water pump, for instance. This blog gives individuals in the industrial control systems (ICS)/SCADA security field a good foundational knowledge of what the OPC scanning functionality looked like within the Havex variants."
Havex is a family of remote-access Trojans known to have been used during several attacks on critical infrastructure. It is believed to have been active for at least the last year and is designed to siphon vast amounts of information from infected machines.
Wilhoit said the scanner is the first of its type ever discovered in an active piece of malware. "While Havex has been studied by other security firms, none have looked specifically at the OPC scanning functionality. This is one of the more important aspects of this variant of Havex, because it's the first time we have publicly seen a module in malware that specifically scans for OPC servers," he said.
Wilhoit recommended firms involved in critical infrastructure take a variety of measures to protect themselves. "Don't open email attachments from unknown/suspicious sources, utilise a defence-in-depth model, and have good incident-response practices for ICS environments," he said.
"In addition, having your SCADA environment locked down and 'bastioned' off is very important. It practices the policy of 'least privilege', only allowing the OPC server to access items that are required for it to function."
Havex is one of many threats facing firms involved in critical infrastructure. The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) urged critical infrastructure firms to check their networks for signs of intrusion following the discovery of a fresh Dragonfly hack campaign earlier in July.