Two power plants in the US were affected by malware attacks in 2012, a security authority has said.
In its latest quarterly newsletter, the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said “common and sophisticated” attacks had taken place.
Malware had infected each plant’s system after being inadvertently brought in on a USB stick, it said.
In the newsletter, authorities said: “The malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive’s operation.
“The employee routinely used this USB drive for backing up control systems configurations within the control environment.”
And at a separate facility, more malware was found.
“A third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades,” the report said.
“Unknown to the technician, the USB-drive was infected with crimeware.
“The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks.”
Full article: US plants hit by USB stick malware attack (BBC)