Trojan Backdoor on Water SCADA System
Industry Type: Water/Waste Water
During a security audit of the SCADA system, a trojan backdoor was located on a human-machine interface (HMI) computer.
The firewall blocked the HTTP reverse tunnel but not the keylogger, which used SMTP for transport.
The HMI was on the enterprise network for the regional government. Multiple Internet connections in different agencies allowed both web and email access from the HMI.
Action Description: Firewalls were modified to prevent HTTP access from the SCADA system computers to external websites. Antivirus software and procedures were invoked for all SCADA computers.