March 5, 2024 at 02:55PM
The proliferation of programmable logic controllers (PLCs) with embedded Web servers has enabled remote attacks on industrial control systems. A team at the Georgia Institute of Technology has developed Web-based malware to exploit PLCs, manipulatively controlling physical systems and posing severe threats to critical infrastructure and safety. The method provides platform independence, ease-of-deployment, and high persistence, making it a significant advancement in PLC cyberattacks.
The meeting notes highlight the rising threat of cyberattacks on industrial control systems (ICS) in critical infrastructure sectors, particularly those using programmable logic controllers (PLCs) with embedded Web servers. Researchers at the Georgia Institute of Technology have developed a new strain of malware targeting PLCs, which can be used to remotely access and manipulate the embedded Web server. This Web-based malware represents a significant advancement as it overcomes some of the limitations of traditional PLC malware, such as platform independence, ease of deployment, and higher levels of persistence. The potential impact of such attacks is severe, including the disruption or sabotage of physical processes and machinery within critical infrastructure settings, with the potential for devastating outcomes, including loss of life. The researchers also outlined a proof-of-concept cyberattack scenario, demonstrating how an attacker could gain initial access to a PLC and use its legitimate application programming interfaces (API) to disrupt the underlying machinery. This new Web-based PLC malware is designed to reside in PLC memory and can be executed client-side by various browser-equipped devices throughout the ICS environment. The researchers emphasized that this type of malware is easier to deploy and control, and is mostly platform-agnostic. This research underscores the urgent need for enhanced cybersecurity measures to protect critical infrastructure from such cyber threats.