Researchers from US-based computer security service SentinelOne Labs have uncovered a new malware on the network of a European energy company.
Called SFG, the new virus is most likely designed by nation-state attackers and carries the hallmark of a nation-state attack, created in a way that can evade both traditional anti-virus software and the latest firewalls. Security sandboxing software GFI and Joe Sandbox will not be able to reveal the malware's full functionality in analysis.
The SFG virus takes advantage of two known exploits, CVE-2014-4113 and CVE-2015-1701. It also uses a Windows user-account control (UAC) bypass, reported Computing.co.uk.
NSFOCUS IB's chief research intelligence analyst Stephen Gates said: “This scenario begs one to ask the question, ‘Should computing devices that control power grids be accessible to attackers on the Internet?’ In the light of this new malware, most would agree the answer should be no.
“So why are power company computing devices accessible to hackers or nation states? It could be due to attackers having physical access.
“However, in almost every case it is because those computing devices are connected to the Internet in some shape or form.
“Primarily this was done to improve efficiency and reduce costs for the power companies. As a result, they increased profits at the cost of security. Maybe it’s time to rethink that decision.”
According to the researchers, the malware developers seem to have a detailed understanding of Windows, low-level application programming interfaces (API), and systems calls.
