Preventing Malware Infection
Analysis
Rhebo Industrial Protector registered multiple communication via the protocol types VNC, NetBIOS and SMB. The protocols are typically used by Windows devices for remote configuration and file sharing.
Their usage is usually not wanted in industrial networks.
Security Threat
The protocols are often used by malware (e.g. NotPetya and WannaCry). If the affected devices have direct or indirect access to the Internet, the ICS is at risk of compromise or infection.
Threats:
- financial loss due to production downtime
- power failure due to blackout
- system recovery and repair costs