SCADA Workstation Infected by W32/Korgo Worm
|Industry Type:||Power and Utilities|
The SCADA operator workstations got hit with the W32/Korgo worm virus. They were out of service starting at 14:33 and one terminal was back by 16:15. The first terminal was back by 18:23. These three terminals were on the corporate Intranet outside the SCADA firewall.
Immediate installation of a Microsoft patch on all impacted workstations to correct the problem. Then rolled out Anti-virus software and the same Microdoft patch on all other SCADA workstations inside the SCADA fireweall. A new subnet and screening router for these three Intranet connected workstations was put into place.
|Action Description:||Working to roll out the Microsoft patches into the SCADA HMIs much quicker. McAffee epo agent was installed on all SCADA workstations to update dat files daily.|