Pipedream is perhaps the most versatile malware yet built to target infrastructure such as power grids and oil refineries.
Malware designed to target the Industrial Control Systems (ICS) used in oil refineries, power grids, water treatment plants and factories has been discovered by the cyber security firm Dragos, prompting the US Government to warn critical infrastructure owners worldwide to take note.
It comes at a time when critical infrastructure is already experiencing increased malicious cyber activity as a result of the Russia-Ukraine conflict, which has prompted a joint cyber security advisory from the cyber security authorities of Australia, New Zealand, the United States, Canada and the United Kingdom.
What is Pipedream?
Pipedream joins other ICS-specific malware families such as Stuxnet, Havex, BlackEnergy 2, CrashOverride/Industroyer, Trisis/Triton and Industroyer2.
Pipedream can manipulate Programmable Logic Controllers (PLCs) from vendors such as Schneider Electric and Omron, and can attack the industrial protocols and platforms those controllers rely on, including Modbus, CODESYS and OPC UA (Open Platform Communications Unified Architecture). Pipedream is difficult to detect partly because it abuses native device and protocol functionality, so its activity can resemble legitimate engineering traffic. Combined with its ability to spread from one controller to another, this means Pipedream can cause significant damage if the attacker chooses to use it that way.
Pipedream is currently believed to be targeted at the energy and gas sector, but there is nothing to say it cannot be adapted to target other industries. According to Dragos, “Tools in Pipedream can scan for new devices, brute force passwords, sever connections, and then crash the target device. To accomplish these goals, Pipedream uses several different protocols, including Omron’s proprietary FINS, Modbus, and Schneider Electric’s implementation of CODESYS. Given the variety of protocols that Pipedream abuses, CHERNOVITE possesses a breadth of ICS knowledge beyond any of Dragos’s previously discovered activity groups.”
How can companies respond?
Companies need to understand what vulnerabilities exist in their Operational Technology (OT) environment and how to better secure critical infrastructure. As targeted attacks on OT environments increase, with the potential to cause real-world damage, a robust cyber security programme is required.
For the Risk Manager
- Cyber risks should be catalogued across the whole OT estate and rated using the same scale as the enterprise risk management (ERM) framework.
For the CISO
- Ensure detection capabilities are revisited and kept current
- Have a current and tested incident response plan in place
- Maintain visibility of ICS assets and the network traffic between them
- Implement or revisit your privileged access solution
- Ensure no default credentials remain in place
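The Dragos description above says Pipedream scans for devices and uses Modbus among other protocols, and the CISO items above call for current detection capabilities and ICS visibility. The following Python script is an added illustration of what such a detection could look like; it is not Marsh’s or Dragos’s code and does not reproduce any Pipedream behaviour. It parses Modbus/TCP frames (the public MBAP header plus function code), flags state-changing writes from hosts outside an assumed engineering allow-list, and flags a single client that touches an unusually large number of PLC endpoints in a window. The sample frames, IP addresses, allow-list and threshold are all constructed for this example.

```python
"""Spot Modbus/TCP scanning and unexpected writes in captured flows.

Added example (not Marsh's or Dragos's code). Framing follows the public
Modbus/TCP specification: a 7-byte MBAP header (transaction id, protocol id,
length, unit id) followed by the PDU (function code + data).
"""
import struct
from collections import defaultdict

# Function codes that change controller state (values from the Modbus spec).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}

# Assumed allow-list of engineering workstations permitted to write to PLCs.
ENGINEERING_HOSTS = {"10.0.1.10"}

# Assumed threshold: a client that talks to this many distinct (PLC, unit id)
# endpoints in one window is treated as enumerating devices, not polling.
SCAN_THRESHOLD = 5


def parse_mbap(frame: bytes) -> dict:
    """Parse the MBAP header and function code; raise ValueError if malformed."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    txn_id, proto_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if proto_id != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    # MBAP length counts the unit id byte plus the PDU.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    function_code = frame[7]
    return {
        "transaction_id": txn_id,
        "unit_id": unit_id,
        "function_code": function_code,
        "is_exception": function_code >= 0x80,
        "pdu": frame[8:],
    }


def analyse(flows) -> list:
    """flows: iterable of (src_ip, dst_ip, raw_frame). Returns alert strings."""
    alerts = []
    endpoints_per_source = defaultdict(set)
    for src, dst, frame in flows:
        try:
            msg = parse_mbap(frame)
        except ValueError as err:
            alerts.append(f"malformed Modbus from {src} to {dst}: {err}")
            continue
        endpoints_per_source[src].add((dst, msg["unit_id"]))
        fc = msg["function_code"]
        if fc in WRITE_FUNCTION_CODES and src not in ENGINEERING_HOSTS:
            alerts.append(
                f"write FC {fc} to {dst} unit {msg['unit_id']} "
                f"from non-engineering host {src}"
            )
    for src, seen in endpoints_per_source.items():
        if len(seen) >= SCAN_THRESHOLD:
            alerts.append(f"{src} contacted {len(seen)} distinct PLC endpoints: possible scan")
    return alerts


def modbus_frame(txn: int, unit: int, fc: int, data: bytes = b"") -> bytes:
    """Build a Modbus/TCP request frame (used here to construct sample traffic)."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", txn, 0, len(pdu) + 1, unit) + pdu


# Constructed sample flows: (source IP, destination PLC IP, raw frame).
SAMPLE_FLOWS = [
    # HMI polling holding registers (FC 3) on one PLC: benign.
    ("10.0.1.20", "10.0.2.5", modbus_frame(1, 1, 3, struct.pack(">HH", 0, 10))),
    # Engineering workstation writes a single coil (FC 5): allowed.
    ("10.0.1.10", "10.0.2.5", modbus_frame(2, 1, 5, struct.pack(">HH", 1, 0xFF00))),
    # Unknown host writes multiple registers (FC 16): alert.
    ("10.0.3.99", "10.0.2.5",
     modbus_frame(3, 1, 16, struct.pack(">HHB", 0, 1, 2) + b"\x00\x01")),
    # Same unknown host reads from six further PLCs in the window: scan alert.
    *[("10.0.3.99", f"10.0.2.{n}", modbus_frame(10 + n, 1, 3, struct.pack(">HH", 0, 1)))
      for n in range(6, 12)],
    # Truncated frame: reported as malformed.
    ("10.0.3.99", "10.0.2.12", b"\x00\x01\x00\x00"),
]


def run_sample() -> list:
    """Run the analyser over the constructed sample and return its alerts."""
    return analyse(SAMPLE_FLOWS)


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

On the constructed sample this produces three alerts: the FC 16 write from 10.0.3.99, the truncated frame, and 10.0.3.99 having contacted seven distinct endpoints. In a real deployment the frames would come from a network tap or a capture file, the allow-list would be maintained from the asset inventory, and the threshold would be tuned to the site's normal polling pattern; the point is that visibility into Modbus function codes and source hosts is what makes enumeration and unauthorised writes visible at all.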
How can Marsh help?
- ICS posture health check based on NIST, NERC CIP and COBIT
- Key risks mapped against the ERM framework
- Strategy and roadmap
- Execution of the strategy and roadmap
Marsh’s Cyber team is available to you at any time to provide best-in-class answers, service, and solutions for cyber risk management planning and optimisation, cyber incident response and management and cyber coverage review or placement. For more information, contact your Marsh representative or a member of the Marsh cyber consulting team.