The Big Guns: Pipedream Malware

Yesterday, Wired magazine published an article about a potentially game changing development in cybersecurity. Dubbed Pipedream by cybersecurity firm Dragos, this new threat is a malware program designed to attack oil refineries, power grids, water systems and other forms of major infrastructure. Malware targeted at infrastructure isn't new, but this program is distinct in that it embeds itself into infrastructure systems and uses legitimate commands to disrupt their functioning.

Dragos Vice President of Threat Intelligence, Sergio Caltagirone, describes the breadth of the threat this way: "This is the most expansive industrial control system attack tool that anyone has ever documented... It's like a Swiss Army knife with a huge number of pieces to it." Andy Greenberg, who wrote the article, paraphrases Dragos' report on the program, saying that Pipedream "...has the ability to hijack target devices, disrupt or prevent operators from accessing them, permanently brick them, or even use them as a foothold to give hackers access to other parts of an industrial control system network."

Investigation into the malware's potential targets, origins and functioning is ongoing. The good news is that Pipedream doesn't appear to have been used on anyone yet. Still, a weapon as complex as this could have destructive effects on businesses, governments and ordinary people if it were ever unleashed.

What to Do

The Cybersecurity and Infrastructure Security Agency (CISA) released a report in response to Pipedream, which offers some advice for concerned parties. Many of its recommendations revolve around detection and mitigation strategies to catch malicious actors in the process of deploying the program.

Pipedream seems to target specific programs commonly used in industry and infrastructure. CISA's first recommendation is to isolate all relevant systems from the rest of the organization. They even recommend taking those systems off the public internet completely and then strictly monitoring who has access to the networks. This entails resetting all passwords and then restricting access to a handful of endpoints that only the most trusted management and engineering staff can use.

Relevant systems should also have offline backups so that information can be recovered quickly in the event of an attack. Other measures, such as multi-factor authentication, continuous monitoring of networks, and thorough error and alert logs, are a must. Mirroring advice we've given in the past, CISA advises that mitigation plans be set down in writing and made accessible to the necessary staff members. In addition, they recommend a philosophy of "least privilege," which they define as restricting admin account usage to only the most necessary operations, like installing software updates. Finally, any signs of an attack, such as strange or delayed communications, an inexplicable loss of functioning, or sudden, unplanned rebooting of systems, need to be investigated immediately.
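To show what "continuous monitoring" for two of those warning signs can look like in practice, here is an added example that is not from the article, CISA's report, or Titan Tech. It assumes a constructed controller event log (one line of "timestamp device event"), a 10-second heartbeat interval, and a 1:00-4:00 maintenance window in which reboots are planned; it flags heartbeat gaps that are too long (delayed communications) and reboots outside the window (unplanned reboots).

```python
from datetime import datetime, timedelta

# Constructed sample log (not real controller data): "timestamp device event".
SAMPLE_LOG = """\
2022-04-13T02:00:05 plc-12 reboot
2022-04-13T02:00:15 plc-12 heartbeat
2022-04-13T02:00:25 plc-12 heartbeat
2022-04-13T10:00:00 plc-07 heartbeat
2022-04-13T10:00:10 plc-07 heartbeat
2022-04-13T10:00:20 plc-07 heartbeat
2022-04-13T10:01:30 plc-07 heartbeat
2022-04-13T10:01:40 plc-07 reboot
2022-04-13T10:01:50 plc-07 heartbeat
"""

# Assumed values: heartbeats every 10 s, silence beyond 3 intervals is suspect,
# and reboots between 01:00 and 04:00 are part of a planned maintenance window.
HEARTBEAT_INTERVAL = timedelta(seconds=10)
MAX_SILENCE = 3 * HEARTBEAT_INTERVAL
MAINTENANCE_HOURS = range(1, 4)


def parse_line(line):
    """Split one log line into (timestamp, device, event)."""
    ts, device, event = line.split()
    return datetime.fromisoformat(ts), device, event


def find_indicators(log_text):
    """Return (device, kind, iso_timestamp) tuples for the two indicators the
    CISA guidance names: delayed communications and unplanned reboots."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    last_seen = {}  # device -> timestamp of its most recent event
    findings = []
    for ts, device, event in events:
        prev = last_seen.get(device)
        # A gap longer than MAX_SILENCE since the device's last event means
        # its communications were delayed or interrupted.
        if prev is not None and ts - prev > MAX_SILENCE:
            findings.append((device, "delayed_communication", ts.isoformat()))
        # A reboot outside the maintenance window is unplanned and needs review.
        if event == "reboot" and ts.hour not in MAINTENANCE_HOURS:
            findings.append((device, "unplanned_reboot", ts.isoformat()))
        last_seen[device] = ts
    return findings


if __name__ == "__main__":
    for device, kind, when in find_indicators(SAMPLE_LOG):
        print(f"{when} {device}: {kind}")
```

Running it reports the 70-second silence from plc-07 and its daytime reboot, while plc-12's reboot inside the maintenance window is not flagged.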

All of this is a very tall order. But you're in luck. Titan Tech has the knowledge and expertise to advise on the specifics of these security measures. They can help you come up with a solid plan of action both to prevent attacks and mitigate damage if they do occur, whether those attacks are the result of Pipedream or some other cybersecurity threat. Contact them today to schedule your free consultation.

And join us next week for more tech news.