Huge Jump in ICS Attacks

Thursday, December 29, 2016 @ 02:12 PM gHale

Industrial control systems (ICS) attacks jumped by 110 percent this year over last year, new research found.

The main culprit behind this was brute force attacks on supervisory control and data acquisition (SCADA) systems, said researchers at IBM Managed Security Services.

RELATED STORIES
Security Centers’ Future Role
25% of Orgs Can Detect, Respond to a Breach
Phishing Site Longevity Shrinking
Big Jump in Per Day Malware Detected

Attackers used a penetration testing tool, which was available on GitHub since last January. Smod can conduct a security assessment of the Modbus serial communications protocol and it includes brute-force capabilities.

“The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months,” said Dave McMillen, senior threat researcher at IBM Managed Security Services in a blog post.

The United States was the top source and top destination of ICS attacks observed by IBM since the beginning of the year until the end of November.

Researchers said the reason for the attacks was because the U.S. has the largest number of Internet-connected ICS systems.

Sixty percent of the attacks came from the U.S., followed by Pakistan (20 percent), China (12 percent), the Netherlands (5 percent) and India (4 percent). Nearly 90 percent of ICS attacks focused on the United States, with China, Israel, Pakistan and Canada also on the list.

IBM described three ICS attacks that made headlines.

One of them is the 2013 New York dam attack divulged by the U.S. Justice Department in March, McMillen said. Authorities said Iranian hackers compromised the system used to control the dam.

Another high-profile attack was the Ukrainian energy sector in December 2015. The attacks, attributed to the Russian government, caused severe power outages. Similar outages occurred this year, but Ukraine has yet to confirm they were cyberattacks.

The SFG malware, discovered in June 2016 on the networks of a European energy company, created a backdoor on targeted industrial control systems, McMillen said. The backdoor delivered a payload “used to extract data from or potentially shut down the energy grid.”

The Windows-based SFG malware is designed to bypass traditional antivirus software and firewalls. It contains all the hallmarks of a nation-state attack, likely of Eastern European origin.

“Government and private institutions around the world are starting to focus on mitigating risk to ICS,” McMillen said. Cybercriminals are developing new threats on a daily basis that could result in catastrophic utility outages.

The threat to ICS permeates across a nation’s entire economy and infrastructure, McMillen said. Organizations across all verticals must take responsibility for protecting their own assets and consumers.

“The best way to keep adversaries out of an ICS is to implement simple safeguards, best practices and risk management solutions,” he said.

Users can download ICS-specific resources from government entities like the National Institute of Standards and Technology (NIST), which also offers network protection advice for connected things in the industrial realms.



Leave a Reply

You must be logged in to post a comment.