A malware strain is threatening critical services

Illustration: Maura Losch/Axios
Cyber defenders have uncovered a new malware strain targeting critical infrastructure sectors, according to a report from Dragos released Tuesday.
Why it matters: Officials found the new malware while investigating a January cyberattack on a Ukrainian energy company.
- The malware disrupted the heating supply for more than 600 apartment buildings, subjecting civilians in Lviv, Ukraine, to subzero temperatures for nearly two days.
- Researchers now warn that the malware could have the ability to target a wide range of devices that critical infrastructure operators rely on.
Zoom in: In its report, Dragos, which specializes in critical infrastructure security, shared details about the new malware.
- Called FrostyGoop, the malware targets Modbus, a protocol designed in the 1970s that facilitates communications between network devices and critical infrastructure hardware.
- In the Ukraine case, the malware was found on ENCO-branded heating system controllers, and the attackers were able to revert the controllers to an older version that lacked essential activity monitoring tools.
- Once it infects a device, FrostyGoop can send legitimate-looking Modbus commands to other devices on a critical infrastructure network.
Threat level: FrostyGoop has the potential to disrupt all critical infrastructure sectors, not just the electric sector, and it currently isn't detectable by traditional antivirus tools, Dragos found.
- The researchers did not say who may have been behind the Ukraine attack or the creation of this malware.
The bottom line: Dragos recommends that all critical infrastructure operators limit which devices are connected to those that rely on Modbus, and that they conduct assessments to ensure that Modbus devices aren't connected to the public-facing internet.
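The two recommendations above translate directly into a network-monitoring check: Modbus has no authentication, so the only way to tell a legitimate write from an attacker's is where it comes from. The script below is an added illustration, not code from Dragos or from the FrostyGoop report; it parses Modbus/TCP frames (the standard MBAP header followed by the function code), then flags writes that do not originate from an allowlisted master and any Modbus traffic exchanged with a host outside the operational network. The addresses, the OT subnet and the sample flows are constructed for the example.

```python
import struct
from ipaddress import ip_address, ip_network

# Modbus function codes that change controller state; reads (1-4) are deliberately excluded.
WRITE_FUNCTION_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}


def build_frame(transaction_id, unit_id, function_code, data):
    """Assemble a Modbus/TCP frame: 7-byte MBAP header followed by the PDU.
    The MBAP length field counts the unit id, the function code and the data."""
    length = 2 + len(data)
    header = struct.pack(">HHHB", transaction_id, 0, length, unit_id)
    return header + bytes([function_code]) + data


def parse_frame(frame):
    """Parse a Modbus/TCP frame. Returns a dict, or None if the frame is malformed."""
    if len(frame) < 8:
        return None
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    # Protocol id is always 0 for Modbus; length must match the bytes that follow it.
    if protocol_id != 0 or length != len(frame) - 6:
        return None
    return {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function_code": frame[7],
        "data": frame[8:],
    }


def assess_flows(flows, allowed_masters, ot_network):
    """Return (src, dst, reason) findings for flows that violate the policy:
    writes must come from an allowlisted master, and both peers must sit in the OT network."""
    allowed = {ip_address(a) for a in allowed_masters}
    ot_net = ip_network(ot_network)
    findings = []
    for src, dst, payload in flows:
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if src_ip not in ot_net or dst_ip not in ot_net:
            findings.append((src, dst, "Modbus exchanged with a host outside the OT network"))
            continue
        pdu = parse_frame(payload)
        if pdu is None:
            findings.append((src, dst, "malformed Modbus/TCP frame"))
            continue
        fc = pdu["function_code"]
        if fc in WRITE_FUNCTION_CODES and src_ip not in allowed:
            findings.append((src, dst, f"{WRITE_FUNCTION_CODES[fc]} (function {fc}) from non-allowlisted host"))
    return findings


# Constructed sample environment (hypothetical addresses, not from the report).
ALLOWED_MASTERS = ["10.10.1.5"]   # the site's HMI / engineering workstation
OT_NETWORK = "10.10.0.0/16"
CONTROLLER = "10.10.2.20"         # a heating controller speaking Modbus/TCP

# Constructed sample flows: (source, destination, Modbus/TCP payload).
SAMPLE_FLOWS = [
    # HMI reading 10 holding registers from the controller: expected traffic
    ("10.10.1.5", CONTROLLER, build_frame(1, 1, 3, struct.pack(">HH", 0, 10))),
    # HMI writing a setpoint: a write, but from an allowlisted master, so not flagged
    ("10.10.1.5", CONTROLLER, build_frame(2, 1, 6, struct.pack(">HH", 0x0010, 0x0001))),
    # unknown host on the OT network writing two registers: flagged
    ("10.10.1.99", CONTROLLER, build_frame(3, 1, 16, struct.pack(">HHB", 0x0010, 2, 4) + bytes(4))),
    # host outside the OT network reading registers: flagged regardless of function code
    ("172.16.5.4", CONTROLLER, build_frame(4, 1, 3, struct.pack(">HH", 0, 10))),
    # truncated frame: flagged as malformed
    ("10.10.1.5", CONTROLLER, b"\x00\x05\x00\x00\x00"),
]


def run_sample():
    return assess_flows(SAMPLE_FLOWS, ALLOWED_MASTERS, OT_NETWORK)


if __name__ == "__main__":
    for src, dst, reason in run_sample():
        print(f"{src} -> {dst}: {reason}")
```

Run on the constructed flows it reports three findings: the write from the unknown host, the read from outside the OT subnet, and the truncated frame. Because Modbus writes are indistinguishable on the wire from an operator's, the allowlist of masters is the policy; feeding the same check with real captures from a span port is the assessment Dragos describes.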
