SCADA systems available for sale in the Underground

Pierluigi Paganini June 27, 2015

Security experts have discovered the availability in underground forums of the credentials and other information related to SCADA systems.

SCADA (Supervisory Control and Data Acquisitions) systems are the most important components for the control of processes inside a critical infrastructure. A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems.

The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year.

Unfortunately, the majority of incidents occurred in SCADA systems is not reported. The experts confirmed that in the majority of attacks are conducted by politically motivated APT groups. The knowledge of the model of SCADA system deployed in a critical infrastructure could allow an attacker to run a targeted attack through a specifically designed malware, Stuxnet was developed with the intent to interfere with Iranian nuclear program by infecting control systems at the Natanz nuclear plant.

SCADA systems are everywhere, from water facilities to nuclear plants, their protection is an essential part of a cyber strategy of any government. They were relatively unknown, even to information security experts, that was until

Idan Aharoni, founder & CEO of Inteller intelligence firm, have discovered the availability in the underground of information related to SCADA systems, including its credentials. The circumstance is disconcerting because this information in the wrong hands could represent a serious threat for the Homeland Security.

The expert discovered fraudsters claiming to have access to several SCADA systems, in order prove it, they posted screen shot from a supposedly compromised component.

SCADA system underground

The following image appears to be from a SCADA system in France, the expert speculates that is part of the control system of some hydroelectric generator.

SCADA system underground 2

The fraudster also shared three IP addresses and VNC passwords (remote desktop) to other three SCADA systems, the analysis of the IP addresses revealed that they belong to France Carries Orange FR and Keyyo.

“the fact that compromised SCADA systems are now offered for sale for anyone to purchase, including jihadists and hacktivists, should not be taken lightly.” wrote Aharoni.

The discovery is disconcerting because groups of terrorists, cyber criminals and state-sponsored hackers could gain access to the SCADA system causing serious damages.

Pierluigi Paganini

(Security Affairs – SCADA, underground)

you might also like

leave a comment