Malware Offers Backdoor to Critical Infrastructure Targets

By Joseph Lorenz on July 15, 2016

Security researchers at SentinelOne Labs have discovered a new form of malware, dubbed SFG, which targets industrial automation control systems. It has already infected at least one European energy company, and it could drop a payload that extracts data or potentially shuts down an energy grid. SFG is described as the mothership of a related malware known as Furtim, which is believed to be only a subset of the complete program. Researchers were able to reverse engineer the malware, which revealed a very sophisticated piece of software. It will likely be used to form a multi-staged attack consisting of three stages. It has been designed to run on any version of Microsoft Windows and was developed to bypass traditional antivirus software and firewalls.

If the malware detects that it is running in a sandbox environment (used to test and detect malware) or on a system that uses biometric access controls, it re-encrypts itself until it is taken out of that environment. All of these techniques deployed by the malware are part of an elaborate scheme to avoid detection. Udi Shamir, chief executive officer at SentinelOne, said: “The malware has all the hallmarks of a nation-state attack due to its extremely high level of sophistication and the cost associated with creating software of this advanced nature.” Based on the analysis, the malware must have been constructed by multiple developers, who would have had to reverse engineer more than a dozen antivirus solutions to give the malware the ability to disable antivirus services without the user knowing.