Irongate — New Stuxnet-like Malware Affected Industrial Control Systems
We all know how dangerous malware is; imagine how much worse the situation would be if malware like the deadly Stuxnet targeted industrial control systems. It is an alarming prospect. Security researchers have just discovered a very sophisticated and harmful piece of malware, named Irongate, that has features like the Stuxnet sabotage malware. Irongate has been specifically designed by cyber crooks to target industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems. Researchers from the FireEye Labs Advanced Reverse Engineering team have confirmed that the malware, “IRONGATE,” has affected Siemens industrial control systems.
The Irongate malware “is not viable against operational Siemens control systems,” the cyber security firm said, adding that the malware “does not exploit any vulnerabilities in Siemens products.” The malware works in a simulated environment, and the researchers found its mode of operation fascinating because it is just like that of Stuxnet.
Stuxnet: The Stuxnet sabotage malware was developed by the United States and Israel to disrupt Iran’s nuclear facility, and it destroyed many of the country’s uranium enrichment centrifuges. Following the same techniques, Irongate uses a Man-in-the-Middle (MitM) technique to inject itself between the Programmable Logic Controller (PLC) and the legitimate software monitoring process. It checks for defenses and masks its tracks. Irongate replaces a valid Dynamic Link Library (DLL) file with a malicious copy, which allows the malware to target a particular control system configuration.
However, there are some differences between Stuxnet and Irongate, especially in complexity, geopolitical implications and ability to propagate. Irongate also differs from Stuxnet in how it avoids detection: Irongate looks for sandbox environments such as VMware and Cuckoo Sandbox, while Stuxnet only looked for the presence of various antivirus software. Even with all this information, one question remains unanswered: who wrote Irongate? After the emergence of Irongate, FireEye confirmed that it had detected several versions of Irongate in the malware database VirusTotal, and after noting these differences, the research team thinks that Irongate was not written by Stuxnet’s authors.