Author: Kailash Mariappan
VPN filter is a published case of malware which is often and almost exclusively targets the Industrial Automation and Control systems. VPN filter infects and resides on routers. The hackers chose this element as it is harder for many security products to spot malware residing on a router and further there isn't enough memory for malware to reside in industrial controllers.
The ability for hackers to get from a router in a production environment to the industrial controllers themselves is virtually unhindered. It is easy because most of these devices often require no authentication and have no security on them.
One of the locations recently affected by VPN filter is a chlorine plant in Ukraine. Evidently, the hackers chose that location with an evil intent to cause significant dire health and environmental damages. After all, that is one of the evil deeds of those sick minds
Routers have recently become an easy target for an increasing number of attacks. It is estimated to have infected approximately half a million routers worldwide.
VPN filter is yet another wake-up call to the automated manufacturing community to pay serious attention to the OT / IT security threats and take proactive actions to mitigate the risks.