The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a significant alert (AA22-103A) yesterday warning that advanced persistent threat (APT) actors have built a custom toolset targeting the ICS and SCADA devices upon which critical infrastructure companies rely. The toolset enables highly automated exploits against targeted devices found in “virtually all complex industrial plants.” The devices named in the alert are Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and OPC Unified Architecture (OPC UA) servers.
OTORIO and our clients know that OT security, and converged OT/IT/IIoT security in particular, is most effective when it takes a proactive approach to risk awareness, management, and mitigation, and when that approach is continuous and automated. According to Danny Bren, OTORIO’s CEO and Co-founder, “the latest CISA alert is hard evidence of the need to end the air-gap and detect-and-respond approach, and the value of adopting a risk-based approach to OT security. Critical infrastructure and industrial companies cannot afford to be reactive.” A utility, an energy company, or an industrial manufacturer that adopts a ‘set it and forget it’ strategy for its operational technology will only learn of a breach after the damage is done.
CISA stated that the toolset has a modular architecture that, if successfully deployed on critical infrastructure or industrial networks, lets attackers move “laterally within an IT or OT environment and disrupt critical devices or functions.” The alert also notes that the actors can compromise Windows-based engineering workstations in IT or OT environments, and it recommends, among other mitigations, isolating ICS/SCADA networks from corporate and internet networks, enforcing multifactor authentication for all remote access, rotating passwords on ICS/SCADA devices, and deploying continuous OT monitoring.
Reference: CISA Alert (AA22-103A) - APT Cyber Tools Targeting ICS/SCADA Devices