TrapX Security has identified a new malware campaign specifically targeting IoT devices running Windows 7 at various global manufacturing sites. A new report from TrapX Research Labs details this campaign, which uses a self-spreading downloader that runs malicious scripts as part of the Lemon_Duck PowerShell malware variant family. It has targeted a range of devices, including smart printers, smart TVs and automated guided vehicles (AGVs), at specific manufacturer sites.
In January 2020, Microsoft ended all support for Windows 7, despite an estimated 200 million devices still running the out-of-date operating system (OS). This End of Life means there will be no further security patches, fixes or features, leaving these IoT devices at increased risk. The manufacturing sector faces particular challenges because of its reliance on embedded devices running legacy operating systems. Such devices cannot be updated easily and most often must be replaced outright in order to move to a newer, more secure OS. The presence of devices running a legacy OS leaves these networks exposed to the campaign, creating risks to employee safety, disruption of production and, in some cases, loss of sensitive data.
TrapX's report on this malware campaign takes a deep dive into its capabilities and how it spreads through target networks. It found that infection may cause IoT devices to malfunction, leading to harm to workers on the manufacturing floor, delays in the supply chain and damage to the brand's reputation. The report describes how compromised industrial equipment could become life-threatening, and provides detailed forensics of the malware used in the campaign.
"This research is further proof of the growing complexity of security management as businesses adopt new technologies such as IoT and cloud while still maintaining legacy ones," said Ori Bach, Chief Executive Officer of TrapX Security. "To remain effective, security products must be able to scale across the complex threat landscape."
Main security takeaways from the report:
- Windows 7 End of Life means no additional patches, fixes or features are available to protect these devices from future threats.
- Infiltration risks damage to safety, the supply chain and data, and, in extreme cases, can cause a shutdown of the entire production network.
- Devices from third-party vendors can enter the network pre-infected.
- Further attacks are preventable if the proper cybersecurity controls are in place, including:
  - Change the default password on devices and avoid weak passwords that can be brute-forced
  - Map out at-risk embedded devices running the now end-of-life Windows 7 OS and the operational impact an infection of each would have on your network
  - Replace sensitive devices with more up-to-date ones and add further segmentation around devices that cannot be replaced
  - Deploy detection and response solutions to monitor and quarantine infected devices
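The controls above can be turned into a repeatable inventory triage. The following is an added example, not code from TrapX or the report: it takes a constructed asset list of embedded devices (device names, OS strings, segments and credential flags are all assumed sample data), flags Windows 7 hosts as end-of-life, recommends replace-or-segment per device, and finds segments where unsupported devices still share a network with supported ones.

```python
from dataclasses import dataclass
from datetime import date

# Microsoft ended Windows 7 support on 14 January 2020.
WINDOWS7_EOL = date(2020, 1, 14)


@dataclass
class Device:
    name: str            # hypothetical asset name
    kind: str            # "printer", "agv", "tv", "hmi", ...
    os: str              # OS string as exported from the asset inventory
    segment: str         # network segment / VLAN the device sits in
    default_creds: bool  # still using the vendor default password?
    replaceable: bool    # can it be swapped for a supported device?


def is_end_of_life(os_name: str, today: date) -> bool:
    """True when the OS string identifies Windows 7 and the EOL date has passed."""
    return os_name.strip().lower().startswith("windows 7") and today >= WINDOWS7_EOL


def recommend(dev: Device, today: date) -> list[str]:
    """Map one device to the controls listed in the report's takeaways."""
    actions = []
    if dev.default_creds:
        actions.append("change default password")
    if is_end_of_life(dev.os, today):
        # Replace where possible; otherwise isolate and watch it.
        actions.append("replace" if dev.replaceable else "segment and monitor")
    return actions


def mixed_segments(devices: list[Device], today: date) -> set[str]:
    """Segments where EOL devices share a network with supported ones (a segmentation gap)."""
    eol = {d.segment for d in devices if is_end_of_life(d.os, today)}
    supported = {d.segment for d in devices if not is_end_of_life(d.os, today)}
    return eol & supported


def triage(devices: list[Device], today: date) -> dict[str, list[str]]:
    return {d.name: recommend(d, today) for d in devices}


# Constructed sample inventory; not data from the report.
SAMPLE = [
    Device("print-01", "printer", "Windows 7 Embedded", "floor-a", True, True),
    Device("agv-03", "agv", "Windows 7", "floor-a", False, False),
    Device("hmi-02", "hmi", "Windows 10 IoT", "floor-a", False, True),
    Device("tv-lobby", "tv", "Windows 7", "office", True, True),
]

if __name__ == "__main__":
    for name, actions in triage(SAMPLE, date.today()).items():
        print(name, actions)
    print("segments mixing EOL and supported devices:", mixed_segments(SAMPLE, date.today()))
```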
The report outlines anonymized case studies of real attacks and can serve as a guide for IT teams looking to better identify and mitigate the threat. To learn more about this campaign, download the "New Malware Campaign Exploits Vulnerabilities in Embedded Devices Targets Manufacturing Sites" report from TrapX Research Labs.