The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued a joint advisory to warn about the growing number of cyberattacks on Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) devices.
Federal agencies discovered several custom tools that can be used by APT groups to hack and hijack devices.
Threat actors have developed tools that allow them to scan, compromise, and control ICS/SCADA equipment.
The alert highlights that OPC Unified Architecture (OPC UA) servers and several versions of Schneider Electric and OMRON Programmable Logic Controllers (PLCs) are vulnerable to attacks initiated by these custom tools.
These tools have a modular architecture that can be used by threat actors to launch highly automated exploits against targeted devices.
Furthermore, one of these tools can be used to execute malicious code in the Windows kernel by exploiting a known vulnerability in an ASRock-signed motherboard driver (tracked as CVE-2020-15368).
By compromising and maintaining full system access to ICS/SCADA devices, APT actors can escalate privileges, move laterally within an OT environment, and disrupt critical devices or functions.
The federal agencies urge all organizations with ICS/SCADA devices to take proactive mitigation steps. Examples of these measures include isolating ICS and SCADA systems from the rest of the IT and OT networks, limiting access to select management and engineering workstations, and monitoring systems to spot anomalous activity.