However, if IRONGATE was just a proof of concept developed in 2014, intended to test a Stuxnet-like man-in-the-middle attack against PLCs, it could mean its creators have built another malware program since then that works against real industrial control system (ICS) deployments. Either way, IRONGATE's discovery should serve as a warning to organizations that operate SCADA systems.
"The attackers have learned and implemented Stuxnet techniques, but the defenders haven’t really improved the ability to detect malware targeting ICS," Dale Peterson, the CEO of ICS security consultancy Digital Bond, said in a blog post. "We need significant improvement in detection capabilities for ICS integrity attacks."
Sign up for CIO Asia eNewsletters.