Malware like Stuxnet, Duqu, Flame, Uroburos/Snake, Blackshades, FinFisher, etc. has been targeting virtually everything of monetary or strategic importance. It has also been used to conduct cyber warfare and cyber espionage activities. Such malware is stealthy by nature, and by the time it is detected much damage has already been done.
Supervisory control and data acquisition (SCADA) systems may be the new cyber attack priority for cyber criminals and rogue nations. The Internet is full of unprotected and unsafe devices, SCADA systems and computers. India is also required to protect critical ICT infrastructure (PDF) and SCADA systems.
The Department of Homeland Security (DHS) has reported that a sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility’s operations were affected. The DHS also warned public utilities and critical infrastructure operators about the dangers of not using a firewall and allowing remote access to Internet facing devices.
As per the ICS-CERT report (PDF), the public utility was penetrated by a group of hackers that gained access to its control system network, although the agency found no evidence that the utility’s operations were affected. The agency said the utility was using a simple password mechanism, which hackers can easily bypass using a standard brute-forcing technique: trying various passwords until they hit the right one.
“It was determined that the systems were likely exposed to numerous security threats and previous intrusion activity was also identified. This incident highlights the need to evaluate security controls employed at the perimeter and ensure that potential intrusion vectors (ex: remote access) are configured with appropriate security controls, monitoring and detection capabilities,” the ICS-CERT report states.
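The brute-forcing technique described above leaves a distinctive trace in remote-access authentication logs: a burst of failed logins from one source, sometimes followed by a success. The following is an added example, not code from the ICS-CERT report or the article, of the kind of monitoring and detection capability the report calls for at the perimeter. The log line layout, field names, threshold and sample addresses are all assumptions constructed for illustration.

```python
"""Flag password brute-forcing against a remote-access service.

Added example (not from the ICS-CERT report or the article). It scans
authentication log lines and raises an alert for any source address that
exceeds a threshold of failed logins inside a sliding time window, then
records whether that source later logged in successfully, which suggests
a guessed password. Log format and field names are assumed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed log line layout: "<ISO timestamp> auth <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log: one source hammering the "operator" account and
# succeeding on the seventh attempt; one legitimate user mistyping once.
SAMPLE_LOG = [
    "2014-05-20T10:00:00 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:05 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:10 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:15 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:20 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:25 auth FAIL user=operator src=203.0.113.7",
    "2014-05-20T10:00:30 auth OK user=operator src=203.0.113.7",
    "2014-05-20T10:01:00 auth FAIL user=engineer src=198.51.100.4",
    "2014-05-20T10:01:05 auth OK user=engineer src=198.51.100.4",
]


def parse_line(line):
    """Return a dict for a well-formed line, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "result": m.group("result"),
        "user": m.group("user"),
        "src": m.group("src"),
    }


def detect_bruteforce(lines, max_failures=5, window=timedelta(minutes=2)):
    """Return (alerts, compromised).

    alerts maps a source address to the timestamp at which it first exceeded
    max_failures failed logins within `window`; compromised is the set of
    alerted sources that subsequently authenticated successfully.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = {}
    compromised = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        recent = failures[ev["src"]]
        if ev["result"] == "FAIL":
            recent.append(ev["ts"])
            # Drop failures that have aged out of the sliding window.
            while recent and ev["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) > max_failures and ev["src"] not in alerts:
                alerts[ev["src"]] = ev["ts"]
        elif ev["src"] in alerts:
            # A success after an alert is the worst case: a guess worked.
            compromised.add(ev["src"])
    return alerts, compromised


if __name__ == "__main__":
    found, owned = detect_bruteforce(SAMPLE_LOG)
    for src, when in found.items():
        status = "LOGIN SUCCEEDED" if src in owned else "no success seen"
        print(f"brute-force alert: src={src} at {when.isoformat()} ({status})")
```

The threshold and window are policy choices: a single-source burst is the simplest case, and a patient attacker spreading attempts across many addresses would need the same counting keyed by account rather than by source. The alert is only useful if it feeds a lockout or a blocking rule at the perimeter device, which is the control the report recommends alongside removing Internet-facing remote access altogether.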
The second threat involved an Internet-connected control system attached to a “mechanical device”, which was accessed by a hacker using a SCADA protocol. ICS-CERT said the device could be accessed directly over the Internet and was not protected by a firewall or authentication access controls. The device, however, was disconnected for maintenance at the time of the attack, said the report.
ICS-CERT said that the use of tools such as SHODAN, Google and other search engines to find and identify devices that were never meant to be Internet facing, together with the emergence of vulnerabilities such as Heartbleed, continues to pose a threat to Internet-connected control systems.