Feb 5, 2020 SOURCE: PR NewsWire

TrapX Security Identifies New Malware Campaign Targeting IoT Devices Embedded With Windows 7 at Manufacturing Sites

SAN JOSE, California, Feb. 5, 2020 /PRNewswire/ -- TrapX Security, the global leader in cyber deception technology, has identified a new malware campaign specifically targeting IoT devices using Windows 7 at various global manufacturing sites. A new report from TrapX Research Labs details this campaign that uses a self-spreading downloader that runs malicious scripts as part of the Lemon_Duck PowerShell malware variant family. It has targeted a range of devices including smart printers, smart TVs and automated guided vehicles (AGVs) at specific manufacturer sites.

https://mma.prnewswire.com/media/664143/TrapX_Logo.jpg

In January 2020, Microsoft ended all support for Windows 7, despite the estimated 200 million devices that are still running the out-of-date operating system (OS). This End of Life means there will be no more additional security patches, fixes or functions, leaving these IoT devices at an increased risk. The manufacturing sector faces large challenges due to its reliance on embedded devices running legacy OS. These devices cannot be updated easily, and most often need to be replaced in order to upgrade to new, more secure operating systems. The existence of devices running legacy OS leaves these networks open to the campaign causing risks to employee safety, disruption of production and, in some cases, loss of sensitive data.

TrapX's report on this malware campaign does a deep dive into its capabilities and how it spreads throughout target networks. It found that the malware's infection may cause IoT devices to malfunction, causing harm to workers on the manufacturing floor, delays in the supply chain and damage to the brand's reputation. The report describes the compromised security of industrial equipment that could be life-threatening, as well as detailed forensics of the malware utilized in the campaign.

"This research is further proof of the growing complexity of security management as businesses adopt new technologies such as IoT and cloud while still maintaining legacy ones," said Ori Bach, Chief Executive Officer of TrapX Security. "To remain effective, security products must be able to scale across the complex threat landscape."

Main security takeaways from the report:

    --  Window 7 End of Life indicates additional patches, fixes, or functions
        are not available to protect these devices from future threats.
    --  Infiltration risks damage to safety, the supply chain and data loss,
        and, in extreme cases, cause a shutdown of the entire production
        network.
    --  Devices from third-party vendors can enter the network pre-infected.
    --  Further attacks are preventable if the proper cybersecurity controls are
        in place, including:
        --  Change the default password on devices and avoid use of weak
            passwords that can be brute forced
        --  Map out at-risk embedded devices running the now end of life Windows
            7 OS and the resulting operational impact of infections to your
            network
        --  Replace sensitive devices with more up-to-date ones and create
            further segmentation around devices that cannot be replaced
        --  Deploy detection and response solutions to monitor and quarantine
            infected devices

The report outlines anonymized case studies of real attacks and can serve as a guide for IT teams looking to better identify and mitigate the threat. To learn more about this campaign, download the New Malware Campaign Exploits Vulnerabilities in Embedded Devices Targets Manufacturing Sites Report from TrapX Research Labs. Contact us today to find out how to protect your IoT network.

About TrapX Research Labs

TrapX Research Labs is a pioneer and global leader in cyber deception technology. The TrapX DeceptionGrid rapidly detects, deceives, and defeats advanced real-time cyber-attacks and human attackers in real-time. The DeceptionGrid provides automated, highly accurate insight into malicious activity unseen by other forms of cybersecurity. By deploying DeceptionGrid, users can create proactive security to fundamentally halt the progression of an attack. This strategy shifts the economics of cyberattacks to cost the attacker instead of the victim. TrapX Research Labs clients include several Forbes Fortune 500 commercial and government customers worldwide. Sectors include defense, healthcare, finance, energy, consumer products, and other key industries. Learn more about this cybersecurity solution at www.trapx.com.

Download TrapX Research Labs' investigative report to understand the risk posed by malware campaigns to the manufacturing industry and beyond. Contact the TrapX team today to find out how to protect IoT devices and manufacturing networks from attack.

View original content:http://www.prnewswire.com/news-releases/trapx-security-identifies-new-malware-campaign-targeting-iot-devices-embedded-with-windows-7-at-manufacturing-sites-300999051.html

SOURCE TrapX Security

Related News

TrapX Introduces Industry-First Deception-As-A-Service Solution, TrapX Flex(TM)

TrapX Security Launches New Service to Track Threat Actors

Ayla Networks and Firedome Partner to Offer Combined Advanced Connected Device Management, Privacy and Security Solution

New Mozi Malware Family Found

PolySwarm introduces PolyScore(TM), the most advanced threat scoring algorithm for malware

How a Breach and Attack Simulation Platform Can Improve Your Cloud Security

CyberMDX Secures $20 Million in Funding to Secure Hospital Networks and Critical Medical and IoT Devices

TrapX Security Releases Industry-First Active Defense Platform

View all News

Latest Procurements

Market Sounding - Defence Infrastructure Panel – Construction Major Works

To assist the Commonwealth of Australia (Commonwealth), represented by the Department of Defence, in considering the potential establishment of a standing offer for the undertaking of major construction works described...

ATM 24/2948 drone-mounted Magnetometer

Provision of a drone-mounted Magnetometer to the Australian Antarctic Division

ANSTO Engineering Design Services Panel

The ANSTO Engineering Panel will be established to support the design and development of new facilities, major projects, minor works, and ongoing building renovation and refurbishment needs across many different...

View all Procurementsp

Agenda

June

FranceParc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024, 17 - 21 June 2024, Parc des Expositions de Paris Nord Villepinte ZAC Paris Nord 2, 93420 Villepinte – France (Halls 5a – 5b – 6)

Eurosatory 2024 There can be no sustainable world without peace and security. Founded in 1967, the exhibition...

May

Paris Marriott Rive Gauche & Conference Center

Future Artillery, 21-23 May 2024, Paris Marriott Rive Gauche & Conference Center, France

DELIVERING FIRES IN THE MULTI-DOMAIN BATTLESPACE As artillery reasserts itself as the ‘King of Battlefield’ in the wake...

May

United Arab EmiratesADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR Abu Dhabi 2024, 21-23 May 2024, ADNEC (Abu Dhabi National Exhibition Centre), Abu Dhabi, Al Khaleej Al Arabi St - Al Rawdah - Al Ma'arid - Abu Dhabi, UAE

ISNR ACCELERATING TRANSFORMATION IN THE NATIONAL SECURITY ECOSYSTEM ISNR Abu Dhabi is the region’s most trusted...

View All Events

Companies

University Institution Antonio Jose Camacho

Olympia Electronics

Karnataka Hybrid Micro Devices Ltd. (KHMD)

View All Companies