DHS Says No Evidence That Flame Targets Industrial Systems, But Urges Caution

In an advisory, the Department of Homeland Security’s Industrial Control Systems (ICS) CERT said that it doesn’t believe the Flame malware targets industrial control systems (ICS) or SCADA systems, but the group advised critical infrastructure owners to be on alert.

The advisory, issued Wednesday, describes Flame (aka sKyWIper) as complex malware with many features for spreading and stealing information. However, the agency said it has no evidence that Flame “specifically targets industrial control systems (ICS).” The alert also throws cold water on speculation by some that Flame has similar origins to both the Stuxnet and Duqu worms.

“Initial analysis by the CrySyS team indicates that SKyWIper has few similarities when compared to Duqu and Stuxnet,” the alert reads, citing important early analysis by CrySyS Lab at the Budapest University of Technology and Economics.

Neither ICS-CERT nor the larger US-CERT organization has received any reports of Flame infections – not surprising given the low number of infections and the malware’s concentration in two countries: Iran and Hungary.

DHS advised ICS operators and critical infrastructure operators to isolate control systems from the Internet, to minimize their exposure to any larger network, and to deploy both firewalls and anti-malware software to protect them.

Others, notably researchers at Kaspersky Lab, have suggested that both Flame and Stuxnet may be of a similar origin, even though they are separate programs. Among other things, Flame took advantage of many of the same software vulnerabilities used by Stuxnet. And, like Stuxnet, Flame was capable of spreading both by USB, and by exploiting vulnerable network file shares and printers.

 

Discussion

  • Anonymous on

    No crap it doesn't target SCADA systems. Why is DHS worried about Flame? It was probably written by a defense contractor for the CIA or NSA. They are basically worried about their own malware product.

  • Anonymous on

    Well, first you can never trust a liar 'cause they fall under the working title of Douche Bag!

    The people in the US government work for me! Not the other way! Remember if you find out where I live and also usurp the US constitution while trashing US positive law and gee, let's not forget over-riding "due process" I will know everything about you, and if I don't make it then my friends will find YOU!!!

    Shame on them!!
