July 13, 2022
March 11, 2024

New Threat Alert: Is Your OT Network at Risk?

I recently saw an article about how Georgia Institute of Technology researchers came up with a novel way to create new PLC malware to infect OT devices. After my first thought (“Why would they do that and then publish it to the world!”), I thought about the implications of this for our OT customers. Before I go into how to stop the attacks, let’s understand what the research says.

Rather than developing custom software for each type of PLC, the method enables the malware to attack the APIs exposed by the web-based administration software. With this approach, they can falsify the sensor readings, disable security alarms, manipulate physical actuators, and make other damaging modifications. They believe that every major PLC vendor (80% of the market) was vulnerable to this attack vector. If you are interested, you can read the entire paper here.

Since BlastWave focuses on NOT letting attackers have access to the HMIs for PLCs, how can you prevent a novel attack like this?

First, the HMIs shouldn’t be accessible by hackers. The primary method for this would be to ensure only passwordless MFA Secure Remote Access is allowed to that system. Hackers can’t spoof that yet. This attack also highlights the importance of preventing lateral movement within the OT network through segmentation. In the case of a group of PLC devices, you might let the devices in the group talk to each other and the HMI system but not any other devices on the OT network.
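One way to check that a segment policy like this actually holds is to audit observed flows against it. The script below is an added example, not code from BlastWave or from the research; the addressing plan, the remote-access gateway address, and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
PLC_GROUP = ipaddress.ip_network("10.20.1.0/28")      # PLCs in one cell
HMI = ipaddress.ip_address("10.20.1.20")              # HMI serving that cell
REMOTE_ACCESS_GW = ipaddress.ip_address("10.20.0.5")  # MFA remote-access gateway

def role(addr):
    """Classify an address as 'plc', 'hmi', 'gateway' or 'other'."""
    ip = ipaddress.ip_address(addr)
    if ip == HMI:
        return "hmi"
    if ip == REMOTE_ACCESS_GW:
        return "gateway"
    if ip in PLC_GROUP:
        return "plc"
    return "other"

# Role pairs the policy permits, keyed by who initiates the connection.
ALLOWED = {
    ("plc", "plc"), ("plc", "hmi"), ("hmi", "plc"),
    ("gateway", "hmi"),   # remote users reach the HMI only, never a PLC directly
}

def audit(flows):
    """Return the flows that violate the segment policy."""
    violations = []
    for src, dst, dport in flows:
        pair = (role(src), role(dst))
        if pair not in ALLOWED:
            violations.append((src, dst, dport, f"{pair[0]}->{pair[1]}"))
    return violations

# Constructed flow records: (initiator, destination, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.2", "10.20.1.3", 502),    # PLC to PLC inside the group
    ("10.20.1.20", "10.20.1.2", 443),   # HMI to PLC web interface
    ("10.20.0.5", "10.20.1.20", 443),   # gateway to HMI
    ("10.20.2.40", "10.20.1.2", 443),   # other OT host to a PLC web API
    ("10.20.0.5", "10.20.1.4", 443),    # gateway straight to a PLC
    ("10.20.1.3", "10.20.2.40", 445),   # PLC reaching outside the group
]

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print("VIOLATION", *violation)
```

The last three sample flows are reported; each is a path that would let a compromised host reach a PLC's web interface, or let a compromised PLC reach the rest of the OT network.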

In today’s environment, an attack like this is very dangerous because it could easily fall into the “Ask GenAI to create a no-code attack” vector without a hacker's sophisticated skills. Protecting your network from AI-enabled attacks like this is more important than ever.

If you are interested in hearing more about how to protect your OT network from AI, register for our webinar and download our ebook.

