German steel works suffered “massive damage” after hack attack

Graham Cluley

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security.

Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that used social engineering techniques to lull them into a false sense of security.


With login credentials stolen, the hackers eventually gained access to the unnamed plant’s production network – giving them remote access to the steel plant’s control systems.

As the Wall Street Journal reports, the breach “resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system.”

Clearly whoever was behind the attack was not only advanced enough to avoid detection by whatever security systems the steel works had in place, but also had specialised knowledge about the industrial control systems being used at the plant.

And, of course, it’s worth considering: if the hackers were able to cause that level of damage to an unnamed German steel works, how many other steel works (and similar industrial plants) around the world might be similarly at risk of attack?

If you needed another example of why it’s a good idea to airgap your industrial plant’s production network from the rest of the internet, here it is.

Malware targeting industrial control systems is, sadly, not a new phenomenon. Indeed, it’s becoming more common.

For instance, earlier this year it was reported that the websites of industrial control system manufacturers were being hacked and the software downloads they published being poisoned to carry the Havex remote access trojan.

There is no arguing that malware has caused plenty of damage in the last 30 years or so, but it rarely causes physical destruction.

Perhaps the most famous case of hardware-damaging malware is Stuxnet, which targeted industrial systems controlling nuclear centrifuge equipment at Iran’s Natanz refining facility.

Clearly we have well and truly entered a new era of hacking attacks, where the goal of some malicious actors will be to cause damage to critical infrastructure rather than steal data, send spam or wipe hard drives.

If there’s one good thing to come out of the German Federal Office of Information Security’s report it is that incidents like this are now being talked about more openly. Only through raising awareness of the risks, and implementing systems to better protect against them, can we have any hope of reducing the chances that critical infrastructure will fall victim to such attacks.

This article originally appeared on the Optimal Security blog.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
