A German nuclear energy plant has been found to be infected with multiple forms of malware, but the types found are not those that could be used in a targeted attack. They are believed to have been picked up by accident and are not dangerous to the plant in the way a directed attack would be. The Gundremmingen Nuclear Plant is reportedly the highest-output nuclear power plant in Germany.
According to reports on securityweek.com, “the plant operator told Reuters Tuesday that the malware did not threaten the facility’s operations because it is isolated from the Internet. The Reuters report does not specify that the facility’s operations network is air-gapped from everything else, only that it is isolated from the Internet. This could suggest that it is still connected to the information technology network, but isolated from it by a firewall. The IT network will probably have its own Internet connections.
Isolation and preferably air-gapping should be standard. Nevertheless, Ramnit spreads by USB stick, and was found on 18 removable drives within the facility. Stuxnet was delivered by an engineer using an infected USB stick. So the fact that the original infection probably dates back to a 2008 retrofitted server should ring alarm bells: highly portable infected devices have been within the facility for many years.”