The two German hackers Spenneberg Ralph and Mike Bruggemann presented a worm capable of spreading by Siemens PLCs without the support of a PC or other systems.
World’s First Worm For Programmable Controllers Distributed Without PCSecurity researchers created the world’s first worm for the programmable logic controllers (PLCs) which can cause critical catastrophic damage to the infrastructure enterprises worldwide, including power plants.
Unlike the other similar programs, The two German hackers Spenneberg Ralph and Mike Bruggemann developed a worm which is able to spread the PLC without infecting a desktop or laptop. Before infecting the programmable logic controllers, malware like Stuxnet must first get on the PC. This means that the further spread of malware, and you can stop by removing the infected computers.
According to the researchers, their worm spreads like cancer between Siemens S7 PLC 1200, however, it can be recycled by the other controllers. Depending on the PLC which uses the facility where a worm can also infect its own system using a proxy server chain.
“Nash is the first worm that can spread on the Siemens PLCs without the support of a PC or other systems,” said the german hacker Spenneberg Ralph. Hence, in addition, the german hacker Spenneberg Ralph also demonstrated an example, “Imagine that the PLC were intercepted on the way to your company or by the supplier. You almost can not find it, and it (the worm – Ed.) Quickly spread throughout the enterprise network. We will be able to cause a denial of service and bring the PLC fails. Imagine the consequences if this happens at a critical enterprise infrastructure”.
In Asia BlackHat security conference Alexander Bolshev, the Security Consultant for IOActive, and Marina Krotofil, Security Researcher at the Honeywell Cyber Security Lab, introduced a way to hide the worm activity developed by the German hackers Spenneberg Ralph and Mike Bruggemann. With it, an attacker can change the frequency and amplitude of the waves generated by the PLC and thereby mask the attack. As the results of a study conducted in collaboration with Marina Krotofil (Marina Krotofil) from Honeywell’s, an attacker can penetrate into the remote station along with the main gas supply line, hence, to determine the frequency of normal waves and play them back with the help of high-frequency components.