
Re: I'm starting to feel a bit old
> ....retired ...for some 5 years ..., I am probably out of touch.
I get that a lot too.
> I can't envision any scenario where a Database engine would arbitrarily send commands to the remote equipment. Such a process/interface would not exist.
The article here seems shy on details. It may be murky in the source material. For Reasons.
"...need to infect a PC.., find a Microsoft SQL Server on the network that has access... the login details... PieHop is then run on the PC to upload LightWork to the server, which sends disruptive commands to connected industrial devices."
So the "interface" is installed by the malware. The database is hacked(?) for login and device info. I would assume the next bit is to send arbitrary commands to random devices. Does "DFO776" turn up the hot water in the washroom? Turn-off the fire alarms? Or spin-up the turbine past max RPM? Attack commands may not need to make sense. Run enough of them, something bad(good) is likely.