SecurityWeek reports that modern programmable logic controllers could be compromised in remote Stuxnet malware-like attacks with the use of novel IronSpider web-based malware developed by Georgia Institute of Technology researchers.
In a simulated intrusion against Wago PLCs, IronSpider enabled the exploitation of legitimate web APIs to facilitate industrial process disruption while easily evading detection by security systems. Service workers have also been used by IronSpider to ensure persistence even after firmware updates and hardware replacements, according to researchers. Such an intrusion was akin to the Stuxnet malware attacks launched against Iran's nuclear program despite significant differences in the methods of compromise, researchers said. "Stuxnet attacked PLCs via control logic malware that it deployed via compromised engineering workstations […]. IronSpider, however, used web-based malware that it deployed using a malicious website without needing to compromise any peripheral systems," said researchers, who added that the novel malware could also be leveraged in attacks against other PLCs.
