Security researchers have uncovered the truth behind software that’s being advertised as a way to unlock industrial terminals without a password — it’s actually a malware dropper.
The malware can subsume devices and add them to a botnet, meaning they could then be accessed by unauthorised users to help complete power-intensive tasks (like crypto-mining) that demand a network of distributed computers.
Although securely sharing passwords for company devices has been made safer by technology like password managers for teams, this scam suggests that enough employees still seek out password-cracking tools to make it worthwhile for the attackers.
Beware of Password Unlock Adverts
The malware, called “Sality” and discovered by security researchers at Dragos, is spreading through advertisements (image credit: Dragos) posted by “multiple accounts across a variety of social media websites” and disguised as password-unlocking software.
Specifically, it is advertised as software that can crack the passwords of Programmable Logic Controllers (PLCs), Human-Machine Interfaces (HMIs), and protected files when the user does not have the password.
PLCs are essentially machines that set rules for industrial machinery like assembly lines or conveyor belts, and can be programmed to obey certain logical rules.
HMIs, on the other hand, are any consoles that allow humans to interact with devices, although they’re usually only called this in the context of industrial processes.
The adverts concern HMI/PLC terminals from companies such as Automation Direct, LG, Fuji Electric, Mitsubishi, Omron, Siemens, Vigor, Pro-Face, Allen Bradley, Weintek, ABB, and Panasonic.
What Does the Malware Do?
Rather than unlocking password-protected devices of the kind listed above, Sality exploits firmware vulnerabilities to retrieve passwords and turns the host device into a peer in a P2P botnet.
The malware itself can do things such as terminate processes, remotely connect to sites, download more malware, or steal data.
In order to maintain persistence in the host and spread to other devices on the same networks, the malware abuses the Windows autorun function and subsequently spreads copies of itself through USBs, external storage drives, and network shares.
Kernel drivers were also deployed by Sality to remove antivirus software and firewalls present on devices.
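A defender-side check for the autorun abuse described above, added here as an example that is not part of the original article or the Dragos report: it parses autorun.inf content from a removable drive or network share and flags launch keys that point at executables. The sample autorun.inf strings and the filenames in them are constructed, not Sality indicators.

```python
import re
from typing import Dict, List

# Constructed sample autorun.inf contents (not real Sality indicators).
BENIGN_AUTORUN = """[autorun]
icon=setup.ico
label=Vendor Firmware Update
"""

SUSPICIOUS_AUTORUN = """[AutoRun]
open=RECYCLER\\S-1-5-21-1234\\xdsof.exe
shellexecute=xdsof.exe
shell\\open\\command=xdsof.exe
useautoplay=1
"""

# File extensions that Windows will execute directly from a launch key.
EXEC_EXT = re.compile(r"\.(exe|scr|pif|com|bat|cmd|vbs|js)\b", re.I)
# autorun.inf keys that cause something to run on insertion or double-click.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def parse_autorun(text: str) -> Dict[str, str]:
    """Parse the [autorun] section into a lower-cased key -> value mapping."""
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(text: str) -> List[str]:
    """Return human-readable reasons an autorun.inf looks like a dropper."""
    entries = parse_autorun(text)
    findings = []
    for key in LAUNCH_KEYS:
        value = entries.get(key)
        if value and EXEC_EXT.search(value):
            findings.append(f"{key} launches an executable: {value}")
            if "recycler" in value.lower() or "$recycle.bin" in value.lower():
                findings.append(f"{key} hides its payload in a recycle-bin path")
    if entries.get("useautoplay") == "1" and findings:
        findings.append("useautoplay=1 requests execution on insertion")
    return findings
```

Run `autorun_findings(open(r"E:\autorun.inf").read())` against each mounted drive root or share to triage devices in the same way.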
Dragos researchers observed additional malware being deployed to hijack clipboards and check for cryptocurrency address formats, which suggests that the motivation behind the attack is likely financial.
Why Would You Need a Password Cracker Anyway?
You may be wondering: what’s the use case for a password cracker of this sort, and wouldn’t security researchers be extra cautious when downloading such tools?
The security team who discovered the malware detailed a scenario in which a password cracker might be sought out. An engineer, Dragos says, may need to update a programmable logic controller that presides over some sort of assembly line machinery after the retirement of the senior IT engineer who used to be responsible for the system, only to find themselves locked out by a password.
They may turn to the internet for answers, and – particularly when pressed for time – be tempted into purchasing a password unlocking device for a PLC or HMI. To avoid being scammed, they should contact the former employee or the manufacturer.
Storing Passwords Securely
In the context of the case provided by Dragos, Sality malware relies on poor management of account credentials by industrial businesses.
Although the example given by Dragos concerns an employee leaving, an employee who has forgotten a password and is unable to reset it may feel the same pressure and conclude that they have no option but to turn to password-cracking software available online, however dodgy.
Password managers for businesses can prevent these problems from ever occurring, by offering secure storage for shared passwords that might be needed by more than one member of staff.
Using a password manager for these kinds of account credentials means you will never be left with no choice but to deploy some unverified password-unlocking software.
Best Password Managers for Business Use
Cheapest available business plan for each:

Product | Business Price
---|---
LastPass | $3.20/user/month
1Password | $19.95/10 users
Dashlane | $60/user
NordPass | $2.51/user/month
Sticky Password | $29.99/user/year