Forescout has published a report on a set of “Icefall” of 56 vulnerabilities that affect operating technology (OT) equipment used in various critical infrastructure environments.
The Icefall suite affects devices from 10 vendors. Disadvantages allow an attacker to carry out:
- remote code execution ;
- compromising credentials ;
- changing the firmware and configuration;
- bypassing authentication.
Icefall affected the equipment of the following companies:
- Siemens ;
- Bentley Nevada;
- Phoenix Contract;
According to the Forescout report , “many vulnerabilities are related to the lack of OT security”. In addition, in devices «violated many authentication schemes”, which indicates insufficient equipment safety measures.
According to Forescout experts, an attacker can also use Icefall to:
create a false alarm;
- change the set flow values;
- disrupt SCADA operations ;
- turn off the emergency shutdown and fire safety system.
According to the researchers, energy companies and gas transportation firms are under threat. Analysts used the Shodan website and found more than 5,300 vulnerable devices from various manufacturers around the world. 74% of vulnerable products had security certification, which indicates the unreliability of the device protection verification procedure.
The researchers recommended that specialists apply the following protective measures:
- Install the latest software updates;
- Segment the network;
- Monitor device traffic and activity;
- Use switches.
In recent years, Icefall-affected systems have become a frequent target for the Industriyer2 and CaddyWiper malware, which were deployed by Russian hackers against Ukrainian power plants.
Earlier , experts warned of an increase in the risk of cyber attacks on the energy sector in the next 2 years . According to more than 85% of experts in the field of energy, renewable energy and oil and gas sector, a cyber attack on the industry can lead to a shutdown, damage to energy assets and critical infrastructure.