Who is attacking industrial control systems?
Posted on 18 March 2013.
Since the discovery of Stuxnet, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks have received a fair share of attention from researchers and attackers alike.

Introduced decades ago when security was not that great a concern and when most of them weren't connected to the Internet or to a LAN, these systems are now getting bolt-on security. Realistically, problems related to this are only starting.

If you don't believe that these systems make such great targets, consider the results of a recent report by a Trend Micro researcher who set up honeypot architecture emulating a number of of SCADA and ICS devices and featuring typical vulnerabilities found on similar systems.

Accessible from the Internet through simple Google searches (as many of these systems are), his honeypots were targeted both by automated and targeted attacks, and it took only 18 hours for the first one to be detected.

"Out of these 39 attacks, 12 were unique and could be classified as 'targeted' while 13 were repeated by several of the same actors over a period of several days and could be considered 'targeted' and/or 'automated.' All of these attacks were prefaced by port scans performed by the same IP address or an IP address in the same /27 netblock," says Threat Researcher Kyle Wilhoit.

Unsurprisingly, 35 percent of these attacks originated in China, and 19 percent in the United States. All other "players" didn't surpass the one digit limit, except for a unexpected "third place" occupied by hits from Laos:


Wilhoit also made a list of different types of attacks that were attempted (including spearphishing a site administrator) and covered good advice for preventing them. He also included a lot of details concerning the setup of such honeypots.









Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //