New Malware Threatens Critical Engineering Processes In Industrial Control Systems

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Forescout Research has identified a growing threat targeting engineering workstations in operational technology (OT) and industrial control systems (ICS).

In a Rush? Here are the Quick Facts!

  • Malware like Ramnit and Chaya_003 disrupt critical engineering processes in OT environments.
  • Over 20% of OT incidents involve compromising engineering workstations, according to SANS Institute.
  • Ramnit, originally targeting banking credentials, now infects OT systems through compromised devices.

The analysis, released on Tuesday, highlights how malware targeting these workstations is increasingly common.

The research focused on malware found in VirusTotal, which included incidents involving a Mitsubishi engineering workstation infected with the Ramnit worm, as well as new experimental malware known as Chaya_003, which disrupts Siemens engineering processes.

OT-specific malware, although less prevalent than attacks on enterprise software or mobile operating systems, is a significant concern for security operators in industrial environments.

Engineering workstations, which play a central role in controlling and monitoring critical infrastructure, are prime targets for these types of attacks. A report by the SANS Institute identified engineering workstation compromise as a leading attack vector, responsible for over 20% of OT system incidents.

The analysis by Forescout focused on malware targeting engineering workstations, which run both traditional operating systems like Windows and specialized engineering software, such as Siemens TIA Portal and Mitsubishi GX Works.

The research found two main clusters of malware targeting these workstations. In one case, Mitsubishi GX Works executables were infected with the Ramnit worm in two separate incidents. The second involved three samples of a new malware variant, Chaya_003, which was specifically designed to terminate Siemens engineering processes.

Ramnit, a malware strain initially known for targeting banking credentials, has evolved into a more sophisticated platform capable of infecting OT systems. The recent findings by Forescout show that Ramnit remains a persistent threat to OT networks.

The malware can spread through compromised physical devices like USB drives or poorly secured network systems. Although the specific vector for these infections remains unclear, it is evident that the malware continues to affect OT environments.

Chaya_003, on the other hand, represents a new and evolving threat. The malware’s primary functionality includes terminating critical engineering processes. Its design suggests deliberate attempts to masquerade as legitimate system processes to avoid detection by security software.

Forescout says that the malware is delivered through a command-and-control (C2) infrastructure that relies on legitimate services like Discord webhooks, making it harder to detect.

The research stresses the importance of securing engineering workstations to prevent these types of attacks. Recommendations include updating software regularly, implementing robust endpoint protection, and segmenting networks to limit access to critical systems.
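The following detection sketch is an added example, not code from Forescout or the original article. It flags Discord webhook requests that originate from an engineering-workstation segment, where such traffic has no business reason to exist. The subnet, log format and sample lines are constructed assumptions, and full URLs are only visible when the proxy inspects TLS.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: engineering workstations sit in this OT subnet (constructed value).
OT_SUBNETS = [ipaddress.ip_network("10.20.0.0/24")]
WEBHOOK_HOSTS = {"discord.com", "discordapp.com"}
# Discord webhook endpoints: /api/webhooks/<id>/<token>, optionally versioned.
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/(\d+)/")

# Constructed proxy log lines: timestamp, source IP, method, URL.
SAMPLE_LOG = """\
2025-01-01T09:14:02Z 10.20.0.15 POST https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN
2025-01-01T09:14:05Z 10.20.0.15 GET https://updates.example.com/patch
2025-01-01T09:15:11Z 192.168.5.40 POST https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN
2025-01-01T09:16:30Z 10.20.0.22 POST https://discordapp.com/api/v10/webhooks/111111111111111111/EXAMPLE-TOKEN
2025-01-01T09:17:00Z 10.20.0.22 GET https://discord.com/channels/1/2
malformed entry
"""

def in_ot_segment(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in OT_SUBNETS)

def find_webhook_egress(log_text):
    """Return (timestamp, source IP, method, webhook ID) for each OT-sourced webhook call."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, method, url = parts
        target = urlsplit(url)
        match = WEBHOOK_PATH.match(target.path)
        if in_ot_segment(src) and (target.hostname or "").lower() in WEBHOOK_HOSTS and match:
            # Keep only the webhook ID; the token is a secret and stays out of alerts.
            hits.append((ts, src, method, match.group(1)))
    return hits

if __name__ == "__main__":
    for hit in find_webhook_egress(SAMPLE_LOG):
        print("ALERT webhook egress from OT segment:", *hit)
```

With proper segmentation the same rule is better enforced as an egress deny at the OT boundary, with this check kept as an alert on attempted connections.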

The increasing sophistication of these attacks, driven by the availability of generative AI tools, highlights the need for proactive security measures in the OT sector.

The research by Forescout also warns that as malware targeting engineering processes becomes more accessible, the line between less skilled and more advanced attackers continues to blur, making it harder to distinguish between simple and highly sophisticated threats.

Meta Fined €251 Million Following Data Breach Affecting Millions

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

The Irish Data Protection Commission (DPC) has imposed a €251 million fine on Meta Platforms Ireland Limited (MPIL) following two inquiries into a major data breach that occurred in 2018, as reported in a DPC press release.

In a Rush? Here are the Quick Facts!

  • 29 million Facebook accounts globally were affected, including 3 million in the EU.
  • Fines include €8 million for failure to notify breach details, €3 million for documentation.
  • DPC warns about risks of unauthorized exposure of sensitive personal data on Facebook.

The breach, which affected around 29 million Facebook accounts globally, exposed sensitive personal data, including names, email addresses, phone numbers, and more. Of those impacted, approximately 3 million accounts were based in the European Union and European Economic Area (EU/EEA), said the DPC.

The breach occurred when unauthorized third parties exploited user tokens on the Facebook platform, gaining access to user data. MPIL reported the incident in September 2018, and the breach was remedied promptly by MPIL and its US parent company.

The Record notes that a Meta spokesperson issued a statement highlighting that the fine stems from an incident that occurred six years ago.

“We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission,” the statement said, as reported by The Record. “We have a wide range of industry-leading measures in place to protect people across our platforms.”

The first decision focused on Meta’s failure to include all required information in its breach notification. Specifically, the company did not provide sufficient details about the breach. Additionally, Meta was reprimanded for failing to document the facts of the breach. As a result, the DPC levied fines of €8 million and €3 million, respectively.

The second decision concerned Meta’s failure to uphold data protection principles in its system design, since it was found to have inadequately integrated data protection safeguards into its processing systems.

Furthermore, Meta was penalized for not ensuring that only necessary personal data was processed. The fines for these violations totaled €130 million and €110 million, said the DPC.

Graham Doyle, Deputy Commissioner of the DPC, emphasized the seriousness of the breach, highlighting how inadequate data protection measures can expose individuals to significant risks.

“Facebook profiles can, and often do, contain information about matters such as religious or political beliefs, sexual life or orientation, and similar matters that a user may wish to disclose only in particular circumstances,” Doyle said in the press release.

“By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data,” Doyle added.

This enforcement action serves as a stark reminder of the importance of robust data protection measures for companies operating within the EU.

The fine announced on Tuesday marks the latest financial penalty Meta has faced for breaching European data protection laws. In September, the DPC imposed a $101.5 million fine on Meta for failing to properly protect users’ password data.