The malware can take over devices and add them to a botnet, meaning they could then be accessed by unauthorised users to help complete power-intensive tasks (like crypto-mining) that demand a network of distributed computers. Although securely sharing passwords for company devices has been made safer by technology like password managers for teams, this scam suggests that enough employees evidently still seek out password-cracking tools for it to be worthwhile. PLCs are essentially controllers that govern industrial machinery like assembly lines or conveyor belts, and can be programmed to follow defined logical rules. HMIs, on the other hand, are any consoles that allow humans to interact with devices, although they’re usually only called this in the context of industrial processes. The adverts concern HMI/PLC terminals from companies such as Automation Direct, LG, Fuji Electric, Mitsubishi, Omron, Siemens, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic.
What Does the Malware Do?
Rather than unlocking password-protected devices of the kind listed above, Sality exploits firmware vulnerabilities to retrieve passwords and turns the host device into a peer in a P2P botnet. To maintain persistence on the host and spread to other devices on the same networks, the malware abuses the Windows autorun function and then spreads copies of itself through USB sticks, external storage drives, and network shares. Sality also deployed kernel drivers to remove antivirus software and firewalls present on devices. Dragos researchers observed additional malware being deployed to hijack clipboards and check for cryptocurrency address formats, indicating that the motivation behind the attack is likely financial.
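Because the autorun abuse described above depends on an autorun.inf file on removable media pointing at an executable, a defender can inspect those files directly. The following is an added example, not code from Dragos or from this article: it parses the [autorun] section, flags any directive that would launch a program, and runs over two constructed sample files (the file paths and names in them are made up).

```python
import os
import re
from typing import Dict, List

# Directives that make Windows run a program when the drive is inserted or
# opened; autorun-spreading malware points these at a copy of itself.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")
EXECUTABLE_RE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.IGNORECASE)


def parse_autorun_inf(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [autorun] section with lower-cased keys."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(text: str) -> List[str]:
    """List every directive in an autorun.inf that would launch an executable."""
    findings = []
    for key, value in parse_autorun_inf(text).items():
        launches = key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key) is not None
        if launches and EXECUTABLE_RE.search(value):
            findings.append(f"{key}={value}")
    return findings


def scan_drive_root(root: str) -> List[str]:
    """Check a mounted drive root (e.g. 'E:\\\\') for an autorun.inf that launches code."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, encoding="utf-8", errors="replace") as fh:
        return autorun_findings(fh.read())


# Constructed samples: a harmless vendor disc and a worm-style USB stick.
BENIGN_INF = "[autorun]\nicon=setup.ico\nlabel=Vendor Tools\n"
SUSPICIOUS_INF = ("[AutoRun]\n; hidden copy dropped on the stick (constructed path)\n"
                  "open=data\\update.exe\nshell\\open\\command=data\\update.exe /s\n"
                  "shellexecute=data\\update.exe\nicon=%SystemRoot%\\system32\\SHELL32.dll,4\n")
```

Pointing `scan_drive_root` at the root of each removable drive on an engineering workstation turns this into a quick pre-use check before a stick is trusted.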
Why Would You Need a Password Cracker Anyway?
You may be wondering: what’s the use case for a password cracker of this sort, and wouldn’t security researchers be extra cautious when downloading such tools? The security team who discovered the malware detailed a scenario in which a password cracker might be acquired: an engineer, Dragos says, may need to update a programmable logic controller that presides over some sort of assembly line machinery after the retirement of a senior IT engineer who used to be responsible for the system, only to find themselves locked out by a password they don’t know. They may turn to the internet for answers, and – particularly when pressed for time – be tempted into purchasing a password-unlocking tool for a PLC or HMI. To avoid being scammed, they should contact the former employee or the manufacturer instead.
Storing Passwords Securely
In the context of the case provided by Dragos, Sality malware relies on poor management of account credentials by industrial businesses. Although the example given by Dragos concerns an employee leaving, an employee who’s forgotten a password and is unable to reset it may feel the same way: that they have no option but to turn to password-cracking software available online, no matter how dodgy. Password managers for businesses can prevent these problems from ever occurring, by offering secure storage for shared passwords that might be needed by more than one member of staff. Using a password manager for credentials of this kind means you’ll never be in a position where you’re left with no choice but to run some unverified password-unlocking software.