Yes, there’s malware. But don’t change your SCADA password, advises Siemens

If you were in charge of some critical infrastructure (such as a power plant or manufacturing facility) and there was some malware which exploited a zero-day vulnerability in Windows which targeted your systems you might be pretty concerned, right?

In fact, if the malware (which we’ll call Stuxnet) was programmed to know the default password used by the SCADA (Supervisory Control And Data Acquisition) systems which manage your critical operations you might want to seriously consider changing those default passwords, right? As a sensible precaution, yes?

Well, unfortunately, life is not that simple.

Although Siemens SCADA systems are being targeted by the Stuxnet malware (which, you will remember, exploits a zero-day Microsoft vulnerability in the way that Windows handles .LNK shortcuts, allowing malicious code to run when icons are displayed), the company is telling customers…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.