David Formby, a Ph.D. student in the Georgia Tech School of Electrical and Computer Engineering, and Raheem Beyah, associate chair in the School of Electrical and Computer Engineering have authored the malware that was able to take over a simulated water treatment plant’s controls, according to a Georgia Tech release.
In a session at this year’s RSA Conference 2017 in San Francisco, Formby discussed how programmable logic controllers (PLCs) can easily be hacked and ultimately held for ransom.
Used to control factor processes and utilities, any of these poorly-secured PLCs are accessible online, readily available for attackers to exploit. In a recently released YouTube video, Formby demonstrates how the ransomware infected different types of PLC controls.
By compromising these controls, attackers would be able to manipulate valves and display false readings.