July 23rd, 2024

FrostyGoop malware uses Modbus, threatens ICS systems worldwide

A new malware strain, "FrostyGoop," targets operational technology systems globally via Modbus TCP communications. An attack on a Ukrainian energy company caused a two-day heating outage, highlighting the need for enhanced network monitoring and security measures to protect critical infrastructure.

A new malware strain named "FrostyGoop" has been identified, utilizing Modbus TCP communications to target operational technology (OT) systems globally. The malware was observed in an attack on an energy company in Ukraine, resulting in a two-day loss of heating for customers. Security experts emphasize the urgent need for enhanced network visibility and monitoring of Modbus traffic to detect and prevent such attacks. Modbus, a widely used protocol in industrial control systems, presents vulnerabilities due to its open nature and prevalence in various devices. Experts warn that the lack of network segmentation and exposure of Modbus ports to the internet can facilitate attacks on critical infrastructure sectors like power and water. Collaborative security efforts, real-time information sharing, and proactive measures to isolate OT protocols from internet-exposed networks are recommended to mitigate the impact of such malicious activities on essential services. The incident underscores the importance of securing industrial control systems and implementing robust defense mechanisms to safeguard critical infrastructure against cyber threats.
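The monitoring recommendation above is concrete enough to show in code. The following is an added example, not code from the article or from Dragos: a minimal Modbus/TCP frame parser and an audit routine that raises an alert when a state-changing request (write function codes) comes from a host that is not the approved HMI or engineering station, and a lower-severity alert when any Modbus request arrives from outside the OT subnet. The IP addresses, subnet, register numbers and frames are constructed for the example, not taken from any incident.

```python
"""Added example (not from the article or Dragos): parse Modbus/TCP frames and
flag write requests from unapproved sources. All sample data is constructed."""
import ipaddress
import struct
from dataclasses import dataclass

# Function codes that change device state (Modbus Application Protocol spec).
WRITE_FUNCTION_CODES = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    start_address: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusRequest:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(payload) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"unexpected protocol id {proto}")
    # MBAP length counts the unit id and the PDU, i.e. everything after byte 6.
    if length != len(payload) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc = payload[7]
    pdu_data = payload[8:]
    # Most read/write requests carry the starting address in the first 2 bytes.
    start = struct.unpack(">H", pdu_data[:2])[0] if len(pdu_data) >= 2 else 0
    return ModbusRequest(tid, unit, fc, start, pdu_data)


def audit_frames(frames, allowed_writers, ot_networks):
    """Return (severity, message) alerts for suspicious Modbus requests.

    frames: iterable of (src_ip, dst_ip, payload_bytes) as a collector would
    hand them over; allowed_writers: hosts permitted to issue writes;
    ot_networks: CIDR strings for the segmented OT network.
    """
    nets = [ipaddress.ip_network(n) for n in ot_networks]
    alerts = []
    for src, dst, payload in frames:
        try:
            req = parse_modbus_tcp(payload)
        except ValueError as exc:
            alerts.append(("low", f"{src} -> {dst}: malformed Modbus frame ({exc})"))
            continue
        outside = not any(ipaddress.ip_address(src) in n for n in nets)
        name = WRITE_FUNCTION_CODES.get(req.function_code)
        if name and src not in allowed_writers:
            alerts.append(("high", f"{src} -> {dst}: {name} (fc=0x{req.function_code:02x}) "
                                   f"to unit {req.unit_id} addr {req.start_address} from unapproved host"))
        elif outside:
            alerts.append(("medium", f"{src} -> {dst}: Modbus fc=0x{req.function_code:02x} "
                                     f"from outside the OT network"))
    return alerts


def build_frame(tid: int, unit: int, fc: int, data: bytes) -> bytes:
    """Build a Modbus/TCP ADU for the constructed samples below."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed sample traffic (hypothetical addresses; 10.0.0.5 is the HMI).
ALLOWED_WRITERS = {"10.0.0.5"}
OT_NETWORKS = ["10.0.0.0/16"]
SAMPLE_FRAMES = [
    ("10.0.0.5", "10.0.1.20", build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10))),       # read from HMI
    ("10.0.0.5", "10.0.1.20", build_frame(2, 1, 0x06, struct.pack(">HH", 40, 21))),      # write from HMI
    ("203.0.113.7", "10.0.1.20", build_frame(3, 1, 0x10,
        struct.pack(">HHB", 40, 2, 4) + struct.pack(">HH", 0, 0))),                       # write from Internet
    ("203.0.113.7", "10.0.1.20", build_frame(4, 1, 0x04, struct.pack(">HH", 0, 4))),     # read from Internet
    ("10.0.0.9", "10.0.1.20", b"\x00\x05\x00\x00"),                                      # truncated frame
]

if __name__ == "__main__":
    for severity, msg in audit_frames(SAMPLE_FRAMES, ALLOWED_WRITERS, OT_NETWORKS):
        print(f"[{severity}] {msg}")
```

In a real deployment the frames would come from a span port or a passive collector on the OT segment, and the allow-list would be the documented set of HMI and engineering hosts; the point of the example is that a write to a PLC from anything else, and any Modbus request from outside the segment, is cheap to spot once the traffic is visible at all.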

Related

The Growing Threat of Malware Concealed Behind Cloud Services

Cybersecurity threats evolve with malware operators using cloud services like UNSTABLE and Condi botnets. FortiGuard Labs advises enhancing cloud security defenses to combat growing cybercriminal activities effectively.

Poseidon malware menaces Mac users via GoogleAds

A MacOS malware named 'Poseidon' masquerades as the Arc web browser in Google ads, redirecting users to a fake site for trojan downloads. It aims to steal credentials and VPN settings for potential data theft. Researchers warn of its resemblance to the AtomicStealer malware family, advising caution in app downloads to prevent infection and data breaches.

Threat actors quick to weaponize PoC exploits; 6.8% of all internet traffic DDoS

Hackers exploit PoC exploits within 22 minutes of release, leaving little time for defense. Cloudflare advises using AI for quick detection rules. DDoS attacks contribute to 6.8% of daily internet traffic, rising to 12% during major events.

Hackers shut down heating in Ukrainian city with malware, researchers say

Hackers used FrostyGoop malware to disrupt Lviv's energy company, causing a two-day heating outage in 600+ buildings. Dragos identified the attack, emphasizing the global threat of cyberattacks on critical infrastructure.

How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter

Russia-linked malware FrostyGoop disrupted Lviv heating utility, affecting 600 buildings for 48 hours in January. The attack manipulated temperature readings via Modbus protocol, showcasing evolving tactics in Russia's campaign against Ukraine.