Introduction
Industrial Control Systems (ICS) and Operational Technology (OT) have often taken a backseat to other concerns in the cybersecurity ecosystem because consumers do not use them directly. That reasoning has always been contentious: consumers may never touch an ICS or OT system, but those systems govern the critical infrastructure everyone depends on. Furthermore, as the Internet of Things (IoT) and smart devices become more prevalent in everyday life, more and more consumers are becoming directly connected to ICS and OT systems.
Enter: FrostyGoop
Earlier this year, critical infrastructure in Ukraine fell victim to OT-based malware that would later become known as FrostyGoop/BUSTLEBERM. FrostyGoop sent Modbus TCP commands to disrupt the power supply to heating services for over 600 apartment buildings. The resulting heating outage lasted two days in Ukraine's sub-zero temperatures.
Using malware like FrostyGoop, attackers can feed inaccurate readings to thermostats and thereby alter the behavior of heating or cooling systems, as happened in this case.
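Modbus TCP carries no authentication: any host that can reach port 502 on a controller can issue the same read and write requests a legitimate engineering workstation would. The defensive consequence is that legitimacy has to be inferred from context, chiefly which host is sending writes. The following Python is an added example (not code from this post or from Unit 42's analysis) that parses Modbus TCP request frames and raises alerts for write function codes from hosts outside an allowlist, plus unknown function codes and malformed frames. The IP addresses, the allowlist and the sample frames are constructed for the example; the function codes and MBAP header layout follow the public Modbus specification.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Public Modbus function codes from the Modbus Application Protocol specification.
READ_FUNCTIONS = {
    1: "Read Coils",
    2: "Read Discrete Inputs",
    3: "Read Holding Registers",
    4: "Read Input Registers",
}
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    23: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: Optional[int]  # first coil/register addressed, when the PDU carries one


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse a Modbus TCP request ADU: a 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"protocol id {protocol_id} is not Modbus (expected 0)")
    # The MBAP length field counts the unit id plus the PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match frame size {len(frame)}")
    pdu = frame[7:]
    function_code = pdu[0]
    start_address = None
    if (function_code in READ_FUNCTIONS or function_code in WRITE_FUNCTIONS) and len(pdu) >= 3:
        start_address = struct.unpack(">H", pdu[1:3])[0]
    return ModbusRequest(transaction_id, unit_id, function_code, start_address)


def detect_unexpected_modbus(
    observations: List[Tuple[str, bytes]], allowed_writers: set
) -> List[Dict[str, object]]:
    """Flag writes from hosts outside the allowlist, unknown function codes and malformed frames."""
    alerts: List[Dict[str, object]] = []
    for src_ip, frame in observations:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as err:
            alerts.append({"src_ip": src_ip, "reason": f"malformed frame: {err}"})
            continue
        if req.function_code in WRITE_FUNCTIONS and src_ip not in allowed_writers:
            alerts.append({
                "src_ip": src_ip,
                "unit_id": req.unit_id,
                "function_code": req.function_code,
                "start_address": req.start_address,
                "reason": f"{WRITE_FUNCTIONS[req.function_code]} from host not allowed to write",
            })
        elif req.function_code not in READ_FUNCTIONS and req.function_code not in WRITE_FUNCTIONS:
            alerts.append({
                "src_ip": src_ip,
                "unit_id": req.unit_id,
                "function_code": req.function_code,
                "reason": "function code outside the expected set",
            })
    return alerts


# Constructed sample traffic (source IP, raw Modbus TCP request) seen by a monitor in front of a
# heating controller. Only the engineering workstation is expected to write.
ALLOWED_WRITERS = {"10.0.0.10"}
SAMPLE_OBSERVATIONS = [
    # HMI polling 10 holding registers from unit 1: normal read traffic.
    ("10.0.0.5", bytes.fromhex("00 01 00 00 00 06 01 03 00 00 00 0A")),
    # Engineering workstation writing register 0x0010 = 100: allowed.
    ("10.0.0.10", bytes.fromhex("00 02 00 00 00 06 01 06 00 10 00 64")),
    # Unknown host writing two registers starting at 0x0010 to zero: should alert.
    ("10.0.0.99", bytes.fromhex("00 03 00 00 00 0B 01 10 00 10 00 02 04 00 00 00 00")),
    # Truncated frame whose MBAP length does not match: should alert as malformed.
    ("10.0.0.99", bytes.fromhex("00 04 00 00 00 06 01 03 00")),
]

if __name__ == "__main__":
    for alert in detect_unexpected_modbus(SAMPLE_OBSERVATIONS, ALLOWED_WRITERS):
        print(alert)
```

The allowlist is deliberately the only thing separating an authorised write from an unauthorised one, because on the wire there is no other difference. A production monitor would extend the same parser with a per-unit baseline of which registers each host normally writes and at what rate, so that a write to an unusual address or a burst of writes from an otherwise known host is also surfaced.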
ICS/OT/IoT/IT: Blurring The Lines
Modbus is one of the most commonly used protocols for ICS and OT devices, and it has no built-in authentication. That raises concern over the ever-widening range of potential targets for ICS and OT malware in the public sector and critical infrastructure, such as:
Energy Companies
Power Plants
Generators
Cooling Systems
Smart Devices
Thermostats
According to Palo Alto Networks' threat research team, Unit 42, FrostyGoop is only the ninth known ICS-centric malware in the wild. As enterprising black hats continue to blaze trails into these new attack vectors and targets, we can expect to see them applied in other industries and sectors as well.
A deeper dive into the technical details of this malware was published by Palo Alto Networks' Unit 42.
Conclusion
ICS and OT systems have historically been deemed non-essential to the common consumer of cybersecurity services and products, but FrostyGoop brings a fast-emerging point into stark focus: ICS and OT are no longer just the concern of critical infrastructure operators, but of the rest of us as well.