On December 17th, 2014, the German Federal Office for Information Security reported on an attack on an industrial iron plant. The official report explained that through targeted email phishing and subsequent social engineering, attackers were able to gain access to the plant’s outward Windows-based system. From there, attackers were able to access production networks and cause serious issues with system controls, resulting in furnaces being unable to shut down properly and causing serious damage to the entire system.
This attack shares many similarities with the Stuxnet worm, which caused issues with a number of Iranian nuclear plants in June 2010. The worm, which the US and Israel have since claimed credit for, was typically installed via an infected flash drive. Using four different zero-day exploits, Stuxnet would propagate and conceal itself throughout the network, searching for compromised control units and modifying their code whenever possible. Stuxnet caused irreparable damage to the uranium refinement centrifuges of over one fifth of Iran’s nuclear plants before being resolved.
German officials say they do not currently know the reason behind this attack, but that they are thoroughly investigating it and a number of related incidents. A number of security experts note that an official statement about an attack of this magnitude is uncommon, and may indicate a paradigm shift in the way governments handle cyber-to-physical attacks.
– Jacob Ryder