After scouring their systems for evidence of a breach, workers at South Korea's nuclear regulator have discovered an embarrassing surprise: a malware-infected device connected to the air-gapped system that controls one of the nation's nuclear reactors. There's no evidence that the malware copied itself over onto the system, and there's also no indication that the program would have had harmful effects if it had made it onto the systems — but for anyone concerned about the digital security of nuclear plants, it's a harsh reminder that keeping a system off the web isn't enough to protect it from attack.
According to a statement by the country's energy minister, the malware was most likely introduced to the system by workers using unauthorized USB drives — the same method used by the notorious Stuxnet bug to attack an air-gapped nuclear control system in Iran. In the years since Stuxnet, USB-based attacks have grown even more dangerous, thanks to firmware-based attacks that are undetectable by conventional methods.
The Korea Hydro & Nuclear Power Co. was performing a thorough security check as a result of threats earlier this month from an anti-nuclear group, after which the company had assured the public that their control systems were inaccessible to attack. There's no evidence that the newly discovered malware is related to the earlier threats, but it has exposed the agency to increasing criticism from the South Korean parliament. Local law enforcement is also investigating possible North Korean involvement in the hack, although no firm evidence has been discovered to implicate the country in the attack.