Ingenious campaign aimed at hacking computers of engineers uncovered | #computerhacking | #hacking | #hacking | #aihp

An ingenious campaign that aims to slip malware into computers of engineers and operators working in industries has come to light, with leading global brands manufacturing industrial controllers being on the list of targets.

The campaign was discovered by Dragos, industrial cybersecurity solutions and research firm, after an employee with an engineer reached out to them. After reverse engineering the campaign, Dragos made the results of its research public earlier this month.

The campaign is executed under the guise of selling software that cracks passwords to Programmable Logic Controllers (PLC), which are high-tech devices used in industrial machines for automated performance. The Free Press Journal had on July 3 reported how PLCs, commonly known as industrial controllers, are as vulnerable to hacking and hostile takeover as computers and mobile phones.

Several websites and social media pages offer such software, which are routinely used as passwords of PLCs are set years ago when they are installed, not updated and soon forgotten. As a result, the need to recover those passwords arises in industries constantly and the engineers or operators turn to such software. FPJ made a cursory Google search for “PLC password cracker” and received 7,25,000 results.

According to Dragos, the engineer who approached them used one such password cracker by downloading it on a computer and connecting the computer to the PLC. While the password was indeed recovered, the computer started displaying signs of malfunction.

“Troy (the engineer, name changed) called in Dragos to reverse engineer the password “cracking” software and determined it did not crack the password at all; rather, it exploited a vulnerability in the firmware which allowed it to retrieve the password on command. Further, the software was a malware dropper, infecting the machine with the Sality malware and turning the host into a peer in Sality’s peer-to-peer botnet,” Sam Hanson, a vulnerability analyst with Dragos, stated in his update on the company’s official website.

Sality is a potent malware that can steal all passwords from the target computer. But more worryingly, it can detect anti-virus software and disable it, leaving the device vulnerable to any and all other threats. A ‘botnet’ is a network of bots or hacked machines. A malware collects millions of such bots over long periods of time, expanding the botnet as it infects machines.

In its subsequent research, Dragos found that the same group that had sold the supposed password cracker to the engineer had also advertised similar services for 29 different PLCs, manufactured by brands like Siemens, Fuji, Mitsubishi and Panasonic.

“Initial dynamic analysis of a couple of other samples indicate they also contain malware. In general, it appears there is an ecosystem for this type of software. Several websites and multiple social media accounts exist all touting their password “crackers”,” Hnson said