Security News > 2022 > July > Beware of password-cracking software for PLCs and HMIs!

Makes compromised hosts part of a peer-to-peer botnet that engages in password cracking and cryptocurrency mining.

Thus, industrial engineers who can't access PLC programming software or an HMI because they don't know the right password occasionally turn to the internet to find a tool to help them crack it.

Several websites and multiple social media accounts are touting password-cracking software for PLCs, HMIs and project files, Dragos researchers have found.

These appear to be tailor-made to work on PLCs and HMIs by AutomationDirect, Omron, Siemens, ABB, Delta Automation, Fuji Electric, Mitsubishi Electric, Pro-Face, Vigor Electric, Weintek, Allen-Bradley, Panasonic, Fatek, IDEC Corp., and LG. "Dragos only tested the DirectLogic-targeting malware. However, initial dynamic analysis of a couple of other samples indicate they also contain malware," the researchers noted.

The passoword cracker they analyzed does seem to work as advertised, insofar that it is able to recover Automation Direct's DirectLogic 06 PLC password - but not by cracking it.

"Central Processing Unit levels spiked to 100% and multiple Windows Defender alerts were triggered," which is how the engineer who used the password cracker was alerted to its potential malicious nature.

News URL

https://www.helpnetsecurity.com/2022/07/18/password-cracking-plcs-hmis/