<![CDATA[Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack]]>

673261 news 1709215146 1709215145 <![CDATA[Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack]]> In recent years, browser and web-based technology has become a powerful tool for operators of infrastructure and industrial systems. But it also has opened a new pathway for bad actors to seize control of these systems, potentially endangering critical power, water, and other infrastructure.

Georgia Tech researchers have found a way to hijack the computers that control these physical systems. Called programmable logic controllers (PLCs), they increasingly have embedded webservers and are accessed on site via web browsers. Attackers can exploit this approach and gain full access to the system.

That means they could spin motors out of control, shut off power relays or water pumps, disrupt internet or telephone communication, or steal critical information. They could even launch weapons — or stop the launch of weapons.

“We think there is an entirely new class of PLC malware that's just waiting to happen. We're calling it web-based PLC malware. And it gives you full device and physical process control,” said Ryan Pickren, a Ph.D. student in the School of Electrical and Computer Engineering (ECE) and the lead author of a new study describing the malware and its implications.

The research team will present their findings Feb. 29 at the 2024 Network and Distributed Systems Security Symposium.

Get the full story on the College of Engineering website.

]]> 2024-02-29T00:00:00-05:00 Engineers and computer scientists show how bad actors can exploit browser-based control systems in industrial facilities with easy-to-deploy, difficult-to-detect malware.

]]> 673257 image <![CDATA[Industrial Control Screen (iStock)]]> Instead of a dedicated terminal or control pad running custom software specific to the device, manufacturers for industrial and infrastructure systems have turned to web-based management. Now, devices often have embedded web servers. The human-machine interfaces — think keypads or control panels like this — are actually mini web browsers rendering a web page with readouts of the current status and digital visualizations of the controls. This web-based architecture is opening the door to a new kind of malware attack that could give bad actors full control of critical infrastructure or other industrial systems.

]]> 256625 image/jpeg Joshua Stewart
College of Engineering

]]> 1237 145 71881 1237 1404 192784 177569 67741 191069 174361 187915