There’s a trend in IT security: Companies and users assume a particular technology or platform is immune to exploitation and malware infection, but are eventually proven wrong by threats in the wild — and then the cycle repeats.

As noted by Bleeping Computer, researchers from the Georgia Institute of Technology, more commonly known as Georgia Tech, are trying to shift the paradigm with proof-of-concept malware that targets what many experts consider to be next in line for malware-makers: supervisory control and data acquisition (SCADA) and industrial control systems (ICS).

Since these systems control key industrial and municipal resources, a proof of concept (PoC) is a step in the right direction. Companies need to make changes before concept becomes compromise.

Spotty SCADA Security

It’s no surprise that many companies still consider SCADA and ICS beyond the reach of malware. Given their roles in controlling physical devices, they’re often air gapped, or connected only to internal networks.

However, according to the Georgia Tech team, that’s not always the case. Researchers found several instances of connected programmable logic controllers (PLCs) used to acquire data from physical systems and relay them to SCADA networks, which were connected to the internet at large and easily vulnerable.

This isn’t the first time PLCs and SCADA systems have come under fire. Last summer, cybercriminals used a Stuxnet-like attack called Irongate to modify a specific ICS process. Then, in November 2016, developer Ali Abbasi created a way to swap pin configurations in PLCs and permanently modify their output.

The supposed safety of SCADA and ICS systems no longer exists. It’s better to develop countermeasures against PoC attacks than to wait for the next Heartbleed or Shellshock to strike.

Researchers Create Proof-of-Concept Malware

To illuminate the threat industrial organizations now face, researchers developed LogicLocker, a strain of malware able to detect when it’s running on PLC-connected software. The team detailed this experiment in a report titled, “Out of Control: Ransomware for Industrial Control Systems.”

Using Shodan, the researchers identified “thousands of PLCs directly connected to the internet.” In some cases, native security on these PLCs was so poor that attackers could compromise them directly. For those with slightly better defenses, standard tactics were enough to infect workstations and then move laterally into an ICS.

Once systems were infected, the team was able to lock down PLC devices and change their parameters, creating a kind of next-level ransomware. But instead of grabbing consumer or mission-critical data and holding it hostage, attackers could fundamentally alter industrial processes and demand full payment for restored function.

SCADA Malware on the Horizon

These processes cover just about everything, since PLCs are used to control motors, valves, sensors and other machinery in power plants, water treatment facilities and large public spaces such as hospitals and shopping malls.

Imagine what would happen if attackers were to gain access to the PLCs that control local power grids, for example. They could plunge entire cities into darkness by changing specific parameters and then demand a payout. With enough time, IT security experts might be able to undo the damage. Given the large number of controllers in use and the effort required to fix each one, however, companies are more likely to pay up than to risk public harm if a manual reset is necessary.

SCADA malware is on the horizon, but the research revealed a rapidly rising star. Companies need to take a hard look at their existing PLC and ICS layouts to minimize outward-facing connections and ensure stock security measures are replaced with less vulnerable variations.

More from

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

Now Social Engineering Attackers Have AI. Do You? 

4 min read - Everybody in tech is talking about ChatGPT, the AI-based chatbot from Open AI that writes convincing prose and usable code. The trouble is malicious cyber attackers can use generative AI tools like ChatGPT to craft convincing prose and usable code just like everybody else. How does this powerful new category of tools affect the ability of criminals to launch cyberattacks, including social engineering attacks? When Every Social Engineering Attack Uses Perfect English ChatGPT is a public tool based on a…

4 min read

Despite Tech Layoffs, Cybersecurity Positions are Hiring

4 min read - It’s easy to read today’s headlines and think that now isn’t the best time to look for a job in the tech industry. However, that’s not necessarily true. When you read deeper into the stories and numbers, cybersecurity positions are still very much in demand. Cybersecurity professionals are landing jobs every day, and IT professionals from other roles may be able to transfer their skills into cybersecurity relatively easily. As cybersecurity continues to remain a top business priority, organizations will…

4 min read

How I Got Started: White Hat Hacker

3 min read - White hat hackers serve as a crucial line of cyber defense, working to identify and mitigate potential threats before malicious actors can exploit them. These ethical hackers harness their skills to assess the security of networks and systems, ultimately helping organizations bolster their digital defenses. But what drives someone to pursue a career as a white hat hacker, and how do you get started in leveraging so-called “evil” skills for the greater good?? In this exclusive Q&A, we spoke with…

3 min read