{"673261":{"#nid":"673261","#data":{"type":"news","title":"Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack","body":[{"value":"\u003Cp\u003EIn recent years, browser and web-based technology has become a powerful tool for operators of infrastructure and industrial systems. But it also has opened a new pathway for bad actors to seize control of these systems, potentially endangering critical power, water, and other infrastructure.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EGeorgia Tech researchers have found a way to hijack the computers that control these physical systems. Called programmable logic controllers (PLCs), they increasingly have embedded webservers and are accessed on site via web browsers. Attackers can exploit this approach and gain full access to the system.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThat means they could spin motors out of control, shut off power relays or water pumps, disrupt internet or telephone communication, or steal critical information. They could even launch weapons \u2014 or stop the launch of weapons.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u201cWe think there is an entirely new class of PLC malware that\u0027s just waiting to happen. We\u0027re calling it web-based PLC malware. And it gives you full device and physical process control,\u201d said Ryan Pickren, a Ph.D. student in the \u003Ca href=\u0022https:\/\/ece.gatech.edu\/\u0022\u003ESchool of Electrical and Computer Engineering\u003C\/a\u003E (ECE) and the lead author of a new study describing the malware and its implications.\u003C\/p\u003E\r\n\r\n\u003Cp\u003EThe research team will \u003Ca href=\u0022https:\/\/www.ndss-symposium.org\/ndss-paper\/compromising-industrial-processes-using-web-based-programmable-logic-controller-malware\/\u0022\u003Epresent their findings Feb. 29\u003C\/a\u003E at the \u003Ca href=\u0022https:\/\/www.ndss-symposium.org\/ndss2024\/\u0022\u003E2024 Network and Distributed Systems Security Symposium\u003C\/a\u003E.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022https:\/\/coe.gatech.edu\/news\/2024\/02\/critical-infrastructure-systems-are-vulnerable-new-kind-cyberattack\u0022\u003E\u003Cstrong\u003EGet the full story on the College of Engineering website.\u003C\/strong\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EEngineers and computer scientists show how bad actors can exploit browser-based control systems in industrial facilities with easy-to-deploy, difficult-to-detect malware.\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"Engineers and computer scientists show how bad actors can exploit browser-based control systems in industrial facilities with easy-to-deploy, difficult-to-detect malware."}],"uid":"27446","created_gmt":"2024-02-29 13:59:06","changed_gmt":"2024-02-29 13:59:05","author":"Joshua Stewart","boilerplate_text":"","field_publication":"","field_article_url":"","dateline":{"date":"2024-02-29T00:00:00-05:00","iso_date":"2024-02-29T00:00:00-05:00","tz":"America\/New_York"},"extras":[],"hg_media":{"673257":{"id":"673257","type":"image","title":"Industrial Control Screen (iStock)","body":"\u003Cp\u003EInstead of a dedicated terminal or control pad running custom software specific to the device, manufacturers for industrial and infrastructure systems have turned to web-based management. Now, devices often have embedded web servers. The human-machine interfaces \u2014 think keypads or control panels like this \u2014 are actually mini web browsers rendering a web page with readouts of the current status and digital visualizations of the controls. This web-based architecture is opening the door to a new kind of malware attack that could give bad actors full control of critical infrastructure or other industrial systems.\u003C\/p\u003E\r\n","created":"1709215002","gmt_created":"2024-02-29 13:56:42","changed":"1709214835","gmt_changed":"2024-02-29 13:53:55","alt":"A finger nearly touching a control screen on an industrial system. The screen shows a visualization of the various components of the system.","file":{"fid":"256625","name":"Industrial-Control-Screen-iStock-1208173993-t.jpg","image_path":"\/sites\/default\/files\/2024\/02\/29\/Industrial-Control-Screen-iStock-1208173993-t.jpg","image_full_path":"http:\/\/hg.gatech.edu\/\/sites\/default\/files\/2024\/02\/29\/Industrial-Control-Screen-iStock-1208173993-t.jpg","mime":"image\/jpeg","size":1522763,"path_740":"http:\/\/hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/2024\/02\/29\/Industrial-Control-Screen-iStock-1208173993-t.jpg?itok=bKzFzbwL"}}},"media_ids":["673257"],"groups":[{"id":"1237","name":"College of Engineering"}],"categories":[{"id":"145","name":"Engineering"}],"keywords":[{"id":"1404","name":"Cybersecurity"},{"id":"192784","name":"industrial security"},{"id":"177569","name":"critical infrastructure"},{"id":"67741","name":"Raheem Beyah"},{"id":"191069","name":"Saman Zonouz"},{"id":"174361","name":"Ryan Pickren"},{"id":"187915","name":"go-researchnews"}],"core_research_areas":[{"id":"145171","name":"Cybersecurity"}],"news_room_topics":[{"id":"71881","name":"Science and Technology"}],"event_categories":[],"invited_audience":[],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003E\u003Ca href=\u0022mailto:jstewart@gatech.edu\u0022\u003EJoshua Stewart\u003C\/a\u003E\u003Cbr \/\u003E\r\nCollege of Engineering\u003C\/p\u003E\r\n","format":"limited_html"}],"email":["jstewart@gatech.edu"],"slides":[],"orientation":[],"userdata":""}}}