
Security emergency: the growing danger of VHD malware on ICS systems

Modus operandi and impact of the advanced cyber threat on industrial systems

The article discusses advanced malware called VHD that attacks industrial control systems. This malware is capable of damaging even devices isolated from the network. To counter this, the article highlights the importance of multi-layered cybersecurity strategies.

There is growing concern about the cyber security of Industrial Control Systems (ICS) following the discovery of sophisticated malware targeting ICS and air-gapped systems. This advanced cyber threat seeks to damage exposed critical control systems by attacking network nodes that should not be vulnerable, since they are physically isolated from networks.

Advanced and persistent malware

Identified as VHD, this next-generation malware is an example of an APT (Advanced Persistent Threat): it uses sophisticated techniques to stay hidden while compromising the systems that host it. Despite growing interest from the cyber security community, the provenance of VHD remains uncertain. What is known is its unusual behavior: the malware acts in a targeted manner, appears to have specific goals, and does not spread indiscriminately.

Modus operandi of the attack

VHD demonstrates a multi-vector approach to intrusion. First, the malware gains entry by brute-forcing credentials on exposed Remote Desktop Protocol (RDP) ports. Once inside, VHD spreads across internal networks, attempting to infect as many devices as possible. Given its apparent targets, air-gapped ICS systems, the malware relies on sophisticated techniques to reach hosts that have no direct network connection.

Prevention and protection

Once again, these revelations underscore the importance of cyber protection and prevention tactics, especially for those network nodes generally considered safe due to their physical isolation. One of the best ways to deal with these threats is to adopt a layered defense approach that incorporates both vulnerability management and active system monitoring to detect and respond to any attempted unauthorized intrusions. The advance of cyber threats requires constant updating and strengthening of cyber defense strategies.


07/31/2023 20:29

Marco Verro
