July 23, 2024 at 06:27AM
Industrial cybersecurity firm Dragos recently disclosed details on FrostyGoop, a new malware family built to interact with industrial control systems (ICS). The malware was used in an attack in January 2024 that disrupted a municipal district energy company in Lviv, Ukraine. The incident cut heating to residents for almost two days. The attackers gained access to the facility's systems and sent Modbus commands to its heating controllers to disrupt operational technology (OT). The attack serves as a warning of the disruption such tooling can cause across industrial sectors.
Key takeaways from the disclosure:
1. FrostyGoop is newly discovered ICS-specific malware that communicates with operational technology over the Modbus protocol in order to cause disruption.
2. The attack hit a municipal district energy company in Lviv; residents lost heating because central heating services were disrupted.
3. Dragos reports that the attackers gained access to the energy facility's systems through a vulnerability in an internet-exposed MikroTik router. With no network segmentation in place, that foothold gave direct reach to the controllers.
4. The attackers downgraded the firmware on the facility's controllers to versions that lacked monitoring capabilities, then used FrostyGoop to send Modbus commands to the controllers, producing inaccurate measurements and system malfunctions.
5. Dragos did not attribute the attack to a specific country or known threat actor, although it noted connections to Moscow-based IP addresses. Both Russian and Ukrainian groups appear to be developing ICS malware.
6. Russian state-sponsored threat actors have previously targeted Ukraine's energy sector, including attacks that caused power outages in Ukraine (December 2015 and December 2016).
7. Earlier ICS-specific malware such as Stuxnet, CrashOverride (Industroyer) and Trisis (Triton) shows that attacks built around ICS protocols are an established and growing category.
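Takeaways 1 and 4 turn on the fact that Modbus carries no authentication: any host that can reach TCP port 502 on a controller can read and write its registers. The following Python script is an added example (it is not code from Dragos or from the article) that decodes the Modbus/TCP header and function code of each request and raises alerts for requests, especially register and coil writes, that reach a controller from a host outside an allowlist of known HMI/engineering hosts. The IP addresses, frames and allowlist are constructed for the example.

```python
"""Modbus/TCP request decoder with a write-from-outside detector.

Added example, not code from Dragos or the article. Addresses, frames and
the allowlist below are constructed for illustration.
"""
import struct
from dataclasses import dataclass

MODBUS_PORT = 502  # Modbus/TCP well-known port

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    start_address: int
    quantity_or_value: int


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Decode one Modbus/TCP ADU: 7-byte MBAP header, then the PDU.

    MBAP = transaction id (2), protocol id (2, always 0), length (2, count of
    bytes after the length field: unit id + PDU), unit id (1). For function
    codes 1-6, 15 and 16 the PDU starts with a 16-bit address and a 16-bit
    quantity (reads, 15, 16) or value (5, 6); trailing byte count and data
    are not needed to classify the request.
    """
    if len(payload) < 12:
        raise ValueError("frame too short for MBAP, function, address, value")
    tid, pid, length, unit = struct.unpack(">HHHB", payload[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match payload size")
    function = payload[7]
    if function & 0x80:
        raise ValueError("exception response, not a request")
    if function not in FUNCTION_NAMES:
        raise ValueError(f"unsupported function code {function}")
    address, value = struct.unpack(">HH", payload[8:12])
    return ModbusRequest(tid, unit, function, address, value)


def build_request(tid, unit, function, address, value, data=b""):
    """Build a Modbus/TCP request frame (used here only to construct samples)."""
    pdu = struct.pack(">BHH", function, address, value) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def assess(src_ip, dst_ip, dst_port, payload, allowlist):
    """Return (severity, message) alerts for one TCP segment.

    Policy: reads from allowlisted hosts are normal; writes from allowlisted
    hosts are logged at 'info' for audit; anything from a non-allowlisted host
    is 'medium', escalated to 'high' if it is a write; malformed frames are
    'medium' because they can indicate probing or a misbehaving tool.
    """
    if dst_port != MODBUS_PORT:
        return []
    try:
        req = parse_modbus_tcp(payload)
    except ValueError as exc:
        return [("medium", f"malformed Modbus {src_ip}->{dst_ip}: {exc}")]
    is_write = req.function in WRITE_FUNCTIONS
    detail = (f"{FUNCTION_NAMES[req.function]} unit={req.unit_id} "
              f"addr={req.start_address} value/qty={req.quantity_or_value} "
              f"{src_ip}->{dst_ip}")
    if src_ip in allowlist:
        return [("info", f"authorised write: {detail}")] if is_write else []
    return [("high" if is_write else "medium",
             f"Modbus from non-allowlisted host: {detail}")]


def scan(segments, allowlist):
    """Run assess() over (src, dst, dst_port, payload) tuples; collect alerts."""
    alerts = []
    for src, dst, port, payload in segments:
        alerts.extend(assess(src, dst, port, payload, allowlist))
    return alerts


# Constructed sample: one allowlisted plant HMI, one controller, and an
# outside host that first polls registers and then overwrites setpoints.
ALLOWED_HOSTS = {"10.10.20.5"}
CONTROLLER = "10.10.30.11"
SAMPLE_SEGMENTS = [
    ("10.10.20.5", CONTROLLER, 502, build_request(1, 1, 3, 0, 10)),
    ("10.10.20.5", CONTROLLER, 502, build_request(2, 1, 6, 40, 75)),
    ("192.0.2.77", CONTROLLER, 502, build_request(9, 1, 3, 0, 10)),
    ("192.0.2.77", CONTROLLER, 502,
     build_request(10, 1, 16, 40, 2, b"\x04\x00\x00\x00\x00")),
    ("192.0.2.77", CONTROLLER, 502, b"\x00\x0b\x00\x00\x00\x02\x01"),
]

if __name__ == "__main__":
    for severity, message in scan(SAMPLE_SEGMENTS, ALLOWED_HOSTS):
        print(f"[{severity}] {message}")
```

Run against the constructed segments, the HMI's poll produces nothing, its setpoint write is recorded at info, and the outside host's read, write and truncated frame produce medium, high and medium alerts. In practice the allowlist would come from an asset inventory, and the same decoder can be fed from a network tap or Zeek's `modbus.log`; the point of the check is that a write to holding registers from an address that is not a known engineering host should never be silent, because Modbus itself will not refuse it.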
Taken together, the disclosure shows both the direct physical impact FrostyGoop had on a city's heating and the broader exposure of industrial environments that run unauthenticated protocols such as Modbus behind internet-facing equipment without segmentation.