Hackers target industrial systems with malware


From the files of what could possibly go wrong: sellers of password-cracking software are targeting the hardware used in industrial control facilities with malicious code that makes those systems part of a botnet, a researcher reported.

Lost passwords happen in many organizations. A programmable logic controller (PLC), used to automate processes inside factories, power plants and other industrial environments, can be set up and then largely forgotten for years. When a replacement engineer later identifies a problem affecting the PLC, they may discover that the long-departed original engineer never left the password behind before leaving the company.

According to a blog post by security firm Dragos, an entire malware ecosystem is trying to take advantage of scenarios like this inside industrial facilities. Online advertisements, examples of which Dragos reproduced, promote password crackers for PLCs and HMIs (human-machine interfaces), the workhorses of these environments.

When your industrial system is part of a botnet

Dragos, which helps companies secure industrial control systems against ransomware, state-sponsored hackers and would-be saboteurs, recently performed a routine vulnerability assessment and found software touted as a password cracker for the DirectLogic 06, a PLC sold by Automation Direct. The software did recover the password, but not through the usual method of cracking a cryptographic hash. Instead, it exploited a zero-day vulnerability in the Automation Direct controller that exposed the passcode.


"Previous research targeting DirectLogic PLCs has yielded successful cracking techniques," wrote Dragos researcher Sam Hanson. "However, Dragos discovered that this exploit does not crack a scrambled version of the password as seen historically in popular exploit frameworks. Instead, a specific sequence of bytes is sent by the malware dropper to a COM port."


The vulnerability...
