The internet brings endless possibilities for scammers and cyber criminals to make money illegitimately. The usual suspects (ransomware, business email compromise, internet fraud, and phishing) are well known to the information security community. However, during a routine vulnerability assessment, Dragos researchers uncovered a smaller-scale technique targeting industrial engineers and operators.

The Story of Troy and the Password “Cracking” Trojan Horse

Multiple accounts across a variety of social media websites are advertising Programmable Logic Controller (PLC), Human-Machine Interface (HMI), and project file password cracking software. Buyers can retrieve forgotten passwords by running an executable provided by the seller that targets a specific industrial system.

An advertisement like this raises the question, “Who would buy this?” Any information security professional would caution against downloading and running software from an untrusted party. Take the following as an example: an engineer named Troy just got promoted to senior engineer when his old colleague, Hector, retired after serving 30 years at an electric utility. Troy needs to update some ladder logic Hector wrote on Automation Direct’s DirectLogic 06 PLC. After firing up the PLC programming software, DirectSOFT, a password prompt pops up. Troy doesn’t know the password, and Hector left a few months ago and is now vacationing on a boat without service indefinitely. Troy looks for answers online and, seeing an advertisement for PLC password cracking software, decides to give it a go. Cassandra, Troy’s security-conscious coworker, warns against introducing this unnecessary risk into their OT environment. But Troy insists this is a time-sensitive task. He purchases the software and runs it on his engineering workstation. Troy successfully recovers the PLC password, but a couple of minutes later he discovers the engineering workstation system is acting strange.