Industrial control system malware CosmicEnergy lacks maturity, but organizations should not ignore it
The recently discovered malware named CosmicEnergy, built specifically to target industrial control systems (ICS), has been analyzed by cybersecurity firm Dragos. The malware, linked to Russian threat actors, was first detailed by Google-owned Mandiant in May. It is designed to interact with ICS devices used in electric transmission and distribution, which could be used to cause electric grid disruptions. CosmicEnergy has two main components: LightWork and PieHop. Dragos found that LightWork does run, but it lacks development maturity and does not have the full attack capabilities of earlier ICS malware such as Industroyer (aka CrashOverride) and Industroyer2.
No Evidence of the Malware Being Deployed
According to Dragos, there is no evidence of the malware being deployed in the wild. The security firm also noted that CosmicEnergy appears to have been created for training scenarios. Its IEC-104 Information Object Addresses (IOAs) and ASDU Common Addresses (COAs), which select the equipment it can interact with, are hardcoded for a narrow range of targets, a significant difference from Industroyer and Industroyer2. Those two families had configurable IOAs and COAs, and were used in the attacks on Ukraine's energy sector in 2016 and 2022 respectively.
Recommendations for Industrial Organizations
Although CosmicEnergy might not pose a direct and immediate threat, Dragos has advised industrial organizations to take the necessary measures to protect their systems. Its recommendations include restricting access to, and monitoring, Microsoft SQL servers in the OT environment. The security firm also warned that this is the third discovery of tooling targeting the IEC 60870-5-104 (IEC-104) protocol, so organizations should build the visibility and controls needed to detect and mitigate future attacks against it, in particular monitoring of IEC-104 traffic for control commands from unexpected sources.
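Because the Dragos findings turn on IEC-104 addressing (the hardcoded COAs and IOAs of LightWork) and on monitoring IEC-104 traffic, the following added example shows the kind of check an OT monitoring team could run: it parses IEC 60870-5-104 I-format APDUs, extracts the ASDU type, COA and IOAs, and raises an alert when a control-direction command (for example C_SC_NA_1, single command) comes from a host that is not the known master or targets a (COA, IOA) pair outside an allow-list. This is illustrative code written for this page, not code from Dragos, Mandiant or the malware itself; the sample frames, host addresses, and the allow-list of addresses are constructed for the demonstration.

```python
"""IEC 60870-5-104 APDU parser plus a simple rule that flags control commands
(C_SC_NA_1, C_DC_NA_1, ...) that come from an untrusted host or target an
unexpected (COA, IOA) pair. Example code for this page, not from any vendor."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Control-direction ASDU type IDs: 45 C_SC_NA_1 single command ... 51 C_BO_NA_1
# bitstring command, and 58-64, the same commands with CP56Time2a time tags.
COMMAND_TYPE_IDS = set(range(45, 52)) | set(range(58, 65))

# Information-element size in bytes for the ASDU types this parser understands.
ELEMENT_SIZE = {
    1: 1,   # M_SP_NA_1 single-point information (SIQ)
    45: 1,  # C_SC_NA_1 single command (SCO)
    46: 1,  # C_DC_NA_1 double command (DCO)
}


@dataclass
class Asdu:
    type_id: int
    cot: int                          # cause of transmission, low 6 bits (6 = activation)
    coa: int                          # common address of ASDU
    objects: List[Tuple[int, bytes]]  # (IOA, raw information element)


@dataclass
class Alert:
    src: str
    type_id: int
    coa: int
    ioa: int
    reason: str


def parse_apdu(data: bytes) -> Optional[Asdu]:
    """Return the ASDU carried by an I-format APDU; None for S- and U-format frames."""
    if len(data) < 6 or data[0] != 0x68:
        raise ValueError("not an IEC-104 APDU (missing 0x68 start byte)")
    if len(data) != data[1] + 2:          # length octet counts everything after itself
        raise ValueError("APDU length mismatch")
    if data[2] & 0x01:                    # bit 0 of control octet 1 set: S or U frame
        return None
    asdu = data[6:]
    if len(asdu) < 6:
        raise ValueError("ASDU header truncated")
    type_id, vsq, cot_byte, _originator, coa = struct.unpack("<BBBBH", asdu[:6])
    size = ELEMENT_SIZE.get(type_id)
    if size is None:
        raise ValueError(f"unsupported ASDU type ID {type_id}")
    sq, count = bool(vsq & 0x80), vsq & 0x7F
    body = asdu[6:]
    objects = []
    if sq:  # SQ=1: one IOA followed by `count` elements at consecutive addresses
        ioa = int.from_bytes(body[:3], "little")
        body = body[3:]
        for i in range(count):
            objects.append((ioa + i, body[i * size:(i + 1) * size]))
    else:   # SQ=0: each object carries its own 3-byte little-endian IOA
        for i in range(count):
            off = i * (3 + size)
            ioa = int.from_bytes(body[off:off + 3], "little")
            objects.append((ioa, body[off + 3:off + 3 + size]))
    return Asdu(type_id, cot_byte & 0x3F, coa, objects)


def check_command(src: str, data: bytes, trusted_masters: Set[str],
                  allowed_targets: Set[Tuple[int, int]]) -> List[Alert]:
    """Alert on command ASDUs from a non-master host or to an unexpected COA/IOA."""
    asdu = parse_apdu(data)
    if asdu is None or asdu.type_id not in COMMAND_TYPE_IDS:
        return []
    alerts = []
    for ioa, _element in asdu.objects:
        if src not in trusted_masters:
            alerts.append(Alert(src, asdu.type_id, asdu.coa, ioa, "command from untrusted host"))
        elif (asdu.coa, ioa) not in allowed_targets:
            alerts.append(Alert(src, asdu.type_id, asdu.coa, ioa, "command to unexpected COA/IOA"))
    return alerts


# Constructed sample frames (hex is hand-built for this example, not captured traffic).
# M_SP_NA_1, COT 3 (spontaneous), COA 1, IOA 4096, SIQ 0x01: an ordinary status report.
MONITOR_FRAME = bytes.fromhex("680e00000000" "01010300" "0100" "001000" "01")
# C_SC_NA_1, COT 6 (activation), COA 1, IOA 4096, SCO 0x01 (ON, execute): a breaker command.
COMMAND_FRAME = bytes.fromhex("680e00000000" "2d010600" "0100" "001000" "01")
# M_SP_NA_1 with SQ=1 and three elements starting at IOA 1000.
SEQ_FRAME = bytes.fromhex("681000000000" "01830300" "0100" "e80300" "010001")
# U-format TESTFR act: carries no ASDU.
TESTFR_FRAME = bytes.fromhex("680443000000")

TRUSTED_MASTERS = {"10.10.1.10"}               # the SCADA master, assumed for the example
ALLOWED_TARGETS = {(1, 4096), (1, 4097)}       # (COA, IOA) pairs the master may command

if __name__ == "__main__":
    for src, frame in [("10.10.1.10", MONITOR_FRAME), ("10.10.1.10", COMMAND_FRAME),
                       ("10.10.1.77", COMMAND_FRAME)]:
        for alert in check_command(src, frame, TRUSTED_MASTERS, ALLOWED_TARGETS):
            print(alert)
```

Run as-is, the script prints one alert: the single command from 10.10.1.77, a host that is not the configured master. In a real deployment the allow-list would be built from the engineering database of the substation, and the parser would be fed from a span port or a protocol-aware sensor rather than from constructed byte strings.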
Editorial: Internet Security and Cyber Threats
Research cited across the industry suggests that the large majority of cyberattacks aimed at industrial organizations target OT networks. The potential consequences of such attacks are severe and can range from power supply disruptions and environmental contamination to loss of life. Each new technology that industrial organizations adopt also expands the attack surface available to adversaries. Industrial organizations must identify and address their exposure to cyber threats by implementing security measures that protect their critical infrastructure.
Philosophical Discussion: Vulnerabilities in Technological Advancements
Technological advancements bring many benefits to daily life and have positively shaped industries and sectors around the world. However, every new advancement also brings a new set of vulnerabilities and security risks. In the case of CosmicEnergy, the ICS community has been warned to take preventive measures against a threat that is immature today but shows where tooling is heading. The impact of such vulnerabilities is not limited to the industrial domain and has broader implications, so appropriate steps must be taken to minimize harm without holding back technological progress.
Advice: Internet Security Measures
The ever-increasing dependence on technology highlights the importance of security. While technical controls exist, human factors such as password hygiene and awareness of phishing attempts also play a crucial role in mitigating cyber threats. As industrial organizations and related sectors continue to adopt new technologies, prioritizing cyber resilience and security measures in their operations is essential.
<< photo by Anete Lusina >>