A group of researchers successfully created a malware variant of ransomware that can infect core industrial and infrastructure systems.
The Georgia Institute of Technology researchers custom built a ransomware strain to attack a simulated water treatment plant, according to reports. The researchers wanted to underscore vulnerabilities in the systems used by the critical infrastructure, industrial and energy sectors.
The researchers presented their findings at the RSA Conference in San Francisco on Monday, February 13, 2017. The researchers initially identified and tested the security of common programmable logic controllers (PLCs) used in industrial plants.
By building a simulated water treatment facility and combining the PLCs, the researchers were reportedly able to demonstrate how to close the systems using a strain of ransomware.
The researchers claim the attackers could alter chlorine levels and other serious mechanisms regulated by the industrial plants, which could cause physical harm to residents.
Attackers could also attack the PLCs and shut off valves or display false readings, according to reports. The researchers found at least 1,400 examples of one vulnerable type of PLC that could be accessed via the Internet.
Officials in the U.S. government have repeatedly warned of the increasingly threat of cyberattacks against U.S. critical infrastructure and industrial systems by state-sponsored hackers.
The researchers urge industrial plants to adopt strong network security systems beyond a typical firewall to better protect these critical facilities.