
                    PIPEDREAM Malware: Understanding and Mitigating the Threat

                    Written by Mission Secure


                    The last year has brought unprecedented attention to the cybersecurity risks facing operational technology and industrial control systems. CISA’s new alert on APT Cyber Tools Targeting ICS/SCADA Devices adds even more urgency to the conversation, bringing to light a suite of tools called PIPEDREAM that could be used to execute attacks on oil and gas facilities, the electrical grid, and other critical infrastructure assets.

                    PIPEDREAM provides a set of tools designed to compromise commonly used industrial control devices and facilitate a wide range of actions, including the manipulation of physical processes within industrial facilities. Devices vulnerable to PIPEDREAM attacks include Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers. Other manufacturers and device categories are likely to be vulnerable as well.

                    The full scope of the threat is not yet known. However, PIPEDREAM represents a significant escalation in efforts to compromise and attack critical infrastructure. A few key takeaways from the CISA alert are immediately clear.

                    OT-specific malware is a growing threat

                    To date, most attacks against critical infrastructure operations (the Colonial Pipeline attack, for example) have been aimed at IT networks, using the same tools and tactics that might be used against endpoints and servers in any other IT environment. But that may soon change.

                    PIPEDREAM is among a small but growing number of tools created specifically with OT networks and assets in mind. With capabilities designed to exploit the unique vulnerabilities and functionality of PLCs and other operational technology devices, PIPEDREAM demonstrates a growing interest among threat actors in disrupting physical processes and doing real-world damage.

                    Attacking OT and ICS will get easier

                    The lower levels of OT networks have traditionally been out of reach for the average threat actor, because accessing and manipulating them required specialized skills. And while PIPEDREAM was likely developed by a state-sponsored Russian APT group, you don’t need to be a highly sophisticated hacker to use it. 

                    PIPEDREAM was designed to be user friendly, with a modular architecture and automated functionality that enables, in the words of the CISA alert, “operations by lower-skilled cyber actors to emulate higher-skilled actor capabilities.” That means organized crime syndicates, terrorist groups, and other threat actors now have access to tools that once belonged to only the most sophisticated groups.

                    This also has the effect of expanding the potential ICS cyber attack surface. While state-sponsored attackers might be expected to focus on large targets with geopolitical significance, smaller threat actors might choose smaller targets to suit their own agendas, or use automated tactics to find and attack networks without even knowing in advance that the targets existed.

                    Dealing with the threat

                    The guidance for mitigating PIPEDREAM threats is consistent with the recommendations CISA has been making with increasing frequency in recent years. 

                    In addition to patching systems and maintaining backup and incident recovery plans, CISA recommends several strategies for preventing and detecting PIPEDREAM-based attacks, including:

                    • Increasing segmentation within OT networks
                    • Limiting ICS device connectivity to “known good” management and engineering workstations
                    • Limiting remote access to OT networks, and maintaining strict control over access that does occur
                    • Implementing a continuous OT monitoring solution to detect and alert on unauthorized or unexpected network activity.
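
The second and fourth recommendations can be combined into one monitoring check, shown here as an added example that is not code from Mission Secure or CISA: flag any flow that reaches an industrial protocol port on the control segment from a source outside the "known good" workstation list. The addresses, the allowlist, the flow-record layout, and the port map (conventional default ports for the device classes named above) are assumptions to adapt per site.

```python
import csv
import io
import ipaddress

# Assumption: conventional default ports; verify against the site's own asset inventory.
ICS_PORTS = {502: "Modbus/TCP", 4840: "OPC UA", 9600: "OMRON FINS", 44818: "EtherNet/IP"}

# Assumption: hypothetical control segment and approved engineering workstations.
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")
KNOWN_GOOD = {ipaddress.ip_address("10.10.5.11"), ipaddress.ip_address("10.10.5.12")}

# Constructed sample flow records (not real telemetry).
SAMPLE_FLOWS = """ts,src,dst,proto,dport
2022-04-14T08:01:12Z,10.10.5.11,10.20.0.21,tcp,502
2022-04-14T08:03:40Z,10.10.7.88,10.20.0.21,tcp,502
2022-04-14T08:04:02Z,10.10.5.12,10.20.0.30,tcp,4840
2022-04-14T08:09:55Z,192.168.50.4,10.20.0.40,udp,9600
2022-04-14T08:11:31Z,10.10.7.88,10.20.0.21,tcp,443
2022-04-14T08:12:07Z,10.20.0.21,10.20.0.30,tcp,4840
"""


def unexpected_ics_flows(flow_csv, known_good=KNOWN_GOOD, control_net=CONTROL_NET):
    """Return alerts for ICS-protocol flows into the control segment
    whose source is not an approved workstation."""
    alerts = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src = ipaddress.ip_address(row["src"])
        dst = ipaddress.ip_address(row["dst"])
        port = int(row["dport"])
        # Only industrial-protocol traffic aimed at the control segment is in scope.
        if dst not in control_net or port not in ICS_PORTS:
            continue
        if src in known_good:
            continue
        # Separate device-to-device traffic from traffic crossing the segment boundary.
        if src in control_net:
            reason = "peer device inside control segment"
        else:
            reason = "source not on workstation allowlist"
        alerts.append({"ts": row["ts"], "src": str(src), "dst": str(dst),
                       "service": ICS_PORTS[port], "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in unexpected_ics_flows(SAMPLE_FLOWS):
        print(alert)
```

Peer-device alerts are worth triaging separately: some controller-to-server traffic is legitimate and belongs on its own allowlist rather than being suppressed wholesale.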

                    Mission Secure’s OT cybersecurity platform provides each of these capabilities, through integrated hardware, software, and managed services designed specifically for OT and ICS environments.

                    Just as PIPEDREAM was developed to exploit the unique vulnerabilities that exist within OT networks, the Mission Secure platform provides unique capabilities developed to address those vulnerabilities.

                    Mission Secure’s patented Signal Integrity Sensor, for example, can detect unauthorized attempts to manipulate physical devices, even if the industrial controllers attached to those devices have been compromised. Other elements within the Mission Secure platform provide network segmentation, traffic whitelisting, and alerts on unexpected activity, while managed monitoring services ensure 24/7 attention on the health and security of the OT environment.

                    To learn more about how Mission Secure helps defend critical systems, contact us to schedule a consultation with our team of industrial cybersecurity experts.
