New Windows 7 malware campaign identified

San Jose, California, Feb. 5, 2020: TrapX Security, a cyber deception technology firm, has identified a new malware campaign specifically targeting Internet of Things (IoT) devices running Windows 7 at manufacturing sites around the world.

According to the press release from TrapX Research Labs, the campaign uses a self-spreading downloader that runs malicious scripts as part of the “Lemon_Duck PowerShell” malware variant family. It has targeted a range of devices, including smart printers, smart TVs and automated guided vehicles (AGVs), at specific manufacturing sites.

In January 2020, Microsoft ended all support for Windows 7, despite an estimated 200 million devices still running the out-of-date operating system (OS). This end of life means there will be no further security patches, fixes or features, leaving these IoT devices even more vulnerable. Devices running the legacy OS leave these networks open to the campaign, creating risks to employee safety, disruption of production and, in some cases, loss of sensitive data.

TrapX’s report describes how compromised industrial equipment could become life-threatening, and provides detailed forensics of the malware used in the campaign.

“This research is further proof of the growing complexity of security management as businesses adopt new technologies such as IoT and cloud while still maintaining legacy ones,” said Ori Bach, Chief Executive Officer of TrapX Security in the press release. “To remain effective, security products must be able to scale across the complex threat landscape.”

Main security takeaways from the report:

  • Windows 7 End of Life means no further patches, fixes or features are available to protect these devices from future threats.
  • Infiltration risks harm to safety, the supply chain and data and, in extreme cases, can shut down the entire production network.
  • Devices from third-party vendors can enter the network pre-infected.

Further attacks, TrapX said, are preventable if the proper cybersecurity controls are in place: change the default password on devices and avoid weak passwords that can be brute-forced, map out at-risk embedded devices running the now end-of-life Windows 7 OS, and replace sensitive devices with more up-to-date ones.
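The two controls above that can be automated are the inventory steps: finding devices that still run an end-of-life OS and finding devices that still carry a default password. The script below is an added example, not code from TrapX or its report; it triages a small constructed asset inventory (the hostnames, banners and flags are made up) against Microsoft's published end-of-support date for Windows 7 and Windows Server 2008 R2 and ranks the hosts that need attention first.

```python
"""Triage an asset inventory for end-of-life Windows hosts and default credentials.

Added example (not from the TrapX report). The inventory below is constructed;
the end-of-life dates come from Microsoft's product lifecycle pages.
"""
import csv
import io
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample inventory - hostnames, device types and banners are made up.
SAMPLE_INVENTORY = """hostname,device_type,os_banner,default_password
PRN-FLOOR-01,smart printer,Microsoft Windows 7 Professional 6.1.7601,yes
AGV-LINE2-03,automated guided vehicle,Windows 7 Professional SP1,no
TV-LOBBY-01,smart TV,Android 9,yes
HMI-PRESS-07,HMI panel,Windows 10 IoT Enterprise LTSC 2019,no
SRV-MES-01,server,Windows Server 2008 R2 Standard,no
"""

# Extended support ended on these dates. Embedded SKUs such as Windows Embedded
# Standard 7 have their own lifecycle dates and should be added separately.
END_OF_LIFE = {
    "windows 7": date(2020, 1, 14),
    "windows server 2008 r2": date(2020, 1, 14),
}


@dataclass
class Finding:
    hostname: str
    device_type: str
    risk_score: int
    reasons: list = field(default_factory=list)


def eol_match(os_banner: str):
    """Return (product, eol_date) if the banner names an end-of-life product, else None."""
    banner = os_banner.lower()
    for product, eol in END_OF_LIFE.items():
        if product in banner:
            return product, eol
    # Windows 7 reports kernel 6.1 (e.g. "6.1.7601"); catch banners that carry
    # only the version string and no product name.
    if re.search(r"\b6\.1\.\d+", banner) and "server" not in banner:
        return "windows 7", END_OF_LIFE["windows 7"]
    return None


def triage(inventory_csv: str, today: date) -> list:
    """Score each host: +3 for an end-of-life OS, +2 for a default password still set."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons, score = [], 0
        hit = eol_match(row["os_banner"])
        if hit is not None and today >= hit[1]:
            product, eol = hit
            reasons.append(f"{product} end of life since {eol.isoformat()}")
            score += 3
        if row["default_password"].strip().lower() == "yes":
            reasons.append("default password still set")
            score += 2
        if reasons:
            findings.append(Finding(row["hostname"], row["device_type"], score, reasons))
    # Highest risk first; stable hostname order for equal scores.
    findings.sort(key=lambda f: (-f.risk_score, f.hostname))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY, date(2020, 2, 5)):
        print(f"{f.hostname:14} {f.device_type:26} score={f.risk_score} {'; '.join(f.reasons)}")
```

Feed it the export from whatever asset database or scanner you already have; the only columns it needs are an OS banner and a yes/no default-credential flag. Hosts that score on both counts (end-of-life OS plus default password) are the ones most exposed to a self-spreading PowerShell downloader of the kind the report describes and should be the first candidates for replacement.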
