Another look at IRONGATE, the secret malware targeting critical systems
What does the discovery of this malware mean for the world?
It would take more than just your average malware to take down smart cities, power plants, factories and ports, grinding our world to a halt and possibly causing physical destruction.
But researchers at cybersecurity company FireEye found malware that appears to be designed for that very task—a sneaky attack that tries to hide from cybersecurity defenses and secretly run industrial equipment, without the operators knowing what is happening.
Archer News asked FireEye about its discovery, which it calls IRONGATE. Here is the Q & A with Sean McBride, analysis manager at FireEye.
Archer News: What do you think is the significance of IRONGATE?
Sean McBride: IRONGATE is significant because it illustrates that:
1) Concepts useful for malware to attack industrial processes continue to develop.
2) The overall security community may not be proficient at identifying emerging developments that target industrial processes.
3) Many of the core challenges around ICS [industrial control systems] security remain unmet.
Archer News: If IRONGATE is currently not being used to attack ICS, do we need to be concerned about it?
Sean McBride: IRONGATE malware is currently not being used to attack operational industrial processes, and never will be. What we need to be concerned about are the concepts displayed in IRONGATE. We are not sounding a warning about a specific ongoing or impending attack. We are contributing to a discussion about the ability of ICS asset owners to detect and prevent malware targeted at industrial processes. We are highlighting techniques that future attacks against industrial processes could reasonably incorporate.
Archer News: Could there be more IRONGATE-type malware out there that we do not yet know about?
Sean McBride: Like many code developers, malware authors play with ideas; they work incrementally. At five-plus years since ICS security received significant attention, I would surmise that there are more instances of IRONGATE-type malware we don’t know about. ICS networks lack security visibility. Control logic is delivered to PLCs without authentication. Device firmware can be overwritten/modified. Process IO can be manipulated by anyone on the network. While these problems are not new, relatively few operational process environments detect attacks against these weaknesses.
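The answer above points at two of the gaps a defender can actually close: privileged operations (IO writes, logic downloads, firmware updates) reach PLCs with no authentication, and few plants watch for them. A minimal monitoring control is an allow-list of which engineering hosts may perform which privileged operation on which device, applied to a feed of control-network events. The following is an added example, not code from the Archer News article or from FireEye; the log format, host addresses, device names and operation names are all constructed for illustration.

```python
# Added example (not from the article or FireEye): flag privileged
# control-network operations that come from hosts not on an allow-list.
# The event log format below is constructed for this example and does not
# correspond to any real product or protocol.
from collections import Counter, namedtuple

Event = namedtuple("Event", "ts src dst op")

# Constructed sample events: timestamp, source host, target device, operation.
SAMPLE_LOG = """\
2016-01-01T10:00:01 10.0.5.10 plc-01 read_io
2016-01-01T10:00:02 10.0.5.11 plc-01 write_io
2016-01-01T10:00:03 10.0.5.99 plc-01 write_io
2016-01-01T10:00:04 10.0.5.12 plc-02 logic_download
2016-01-01T10:00:05 10.0.5.11 plc-02 logic_download
2016-01-01T10:00:06 10.0.5.99 plc-02 firmware_update
"""

# Operations that should only ever originate from known engineering hosts.
PRIVILEGED_OPS = {"write_io", "logic_download", "firmware_update"}

# (device, operation) -> set of hosts permitted to perform it.  Anything not
# listed here is denied by default, so an unlisted firmware_update is flagged.
ALLOWED = {
    ("plc-01", "write_io"): {"10.0.5.11"},
    ("plc-02", "logic_download"): {"10.0.5.12"},
}


def parse_log(text):
    """Parse the constructed whitespace-separated event format into Events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, op = line.split()
        events.append(Event(ts, src, dst, op))
    return events


def find_violations(events, allowed=ALLOWED, privileged=PRIVILEGED_OPS):
    """Return privileged events whose source host is not allow-listed
    for that (device, operation) pair.  Reads are ignored."""
    violations = []
    for ev in events:
        if ev.op not in privileged:
            continue
        if ev.src not in allowed.get((ev.dst, ev.op), set()):
            violations.append(ev)
    return violations


def violations_by_host(violations):
    """Count flagged events per source host, to see which host to investigate first."""
    return Counter(ev.src for ev in violations)


if __name__ == "__main__":
    found = find_violations(parse_log(SAMPLE_LOG))
    for ev in found:
        print(f"ALERT {ev.ts} {ev.src} -> {ev.dst} {ev.op} (not allow-listed)")
    print(dict(violations_by_host(found)))
```

Default-deny is the point of the design: a (device, operation) pair with no allow-list entry is treated as "nobody may do this", so a firmware update from an unexpected host is flagged even though no rule mentions it. In a real deployment the event feed would come from a network tap or the PLCs' own audit logs, and the allow-list from the plant's change-management records.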