Power plant reportedly hit by mouse ransomware attack
- February 27, 2020
- Posted by: Kerry Tomlinson, Archer News
- Category: Archer News, Cyber Crime, Cyberattack, Financial Sector Security, Hacking, Industrial Control System Security, Power Grid, Ransomware
Email might have been easier.
But attackers reportedly planted an infected mouse in an energy company to launch a successful ransomware attack at the beginning of 2019.
Mouse with a Secret
On the outside, it’s a mouse — the kind you see and use at computers around the world. But inside, it has a secret.
Yossi Appleboum of Sepio Systems and his colleagues rigged it with a small computer called a Raspberry Pi to simulate the mouse used in a recent ransomware attack on a power plant.
“Let’s call it a replica,” Appleboum said in an interview at an office near the RSA cybersecurity conference in San Francisco.
“It looks like a mouse. It works as the mouse,” he added. “But inside there is a small implant used by cybercriminals in order to attack a highly-secured network.”
Help on the Inside
The crooks targeted a power plant visitor, a trusted person with access to the sensitive industrial computers, he told Archer News.
They convinced him to switch out a real mouse for the weaponized mouse at an industrial computer called a human-machine interface, or HMI, according to Appleboum.
“From a remote location, someone else took control of the machines,” he said.
Took control and launched ransomware.
The power plant paid the money but did not get their files back and had to rebuild, affecting the facility for three months, Appleboum said.
Eventually, investigators tracked down the mouse-planting “trusted visitor,” who allegedly did it for the money.
“He was, by the way, the only one that was caught,” Appleboum said. “He didn’t even know who was operating it.”
Though attackers had direct access to the industrial computers, they apparently restricted their attack to ransomware and did not do any other damage.
“The attackers were not super sophisticated, to be honest,” he said.
He did not provide the name or location of the power plant, except to say that it was not in the U.S.
The attack did not make headlines in the news, according to Appleboum.
“No, they worked really hard, you know. Keep it off the news,” he said.
Pay to Play
Criminals sell this kind of ‘hardware attack’ as a service, he said.
You choose the location, they find a way to get the device in — for the right price.
“They’ll hire the guy, the one that will bring it in,” Appleboum said. “And it’s really James Bond stories, cleaning teams, whatever you demand, you can imagine, are there.”
Hardware attacks have come to light before.
Crooks posed as couriers or job seekers and planted devices like keyboards and thumb drives at banks in Eastern Europe in 2017 and 2018, stealing millions of dollars, Kaspersky reported.
Criminals snuck devices onto European port company computers in attacks from 2011 to 2013 to steal cargo and move drug shipments, according to the BBC.
Appleboum counts eleven of these kinds of attacks in eleven countries in the past four years, with targets like financial institutions, critical infrastructure, data centers and telecom.
Who’s a Target?
Do you need to worry about someone hacking your mouse or keyboard?
“My mom will not be targeted by something like that,” Appleboum said. “But specific high-profile individuals are a target for something like that. And we heard and we know about incidents like that, not just in the big corporations, but for high profile people.”
High profile or not, you can still take steps to protect yourself:
- Buy brand name electronics, instead of the cheapest, no-name devices you can find.
- Keep your systems updated.
- Disconnect unnecessary hardware from your life.
- Avoid free gifts of strange mice or keyboards.
- Be aware that hardware attacks, though not common, do occur.
Appleboum said he created a company to help solve this kind of problem after a bank came to him asking for help.
“Yes. I have a company that we have a solution,” he said. “But it’s not a matter of one company. It’s a matter of a global security concern for everyone. We cannot fulfill all of that.”
Main image: Example of a mouse at a plant control room. Image: WangAnQi/iStock