SCADA systems available for sale in the Underground

Security experts have discovered the availability in underground forums of the credentials and other information related to SCADA systems.

SCADA (Supervisory Control and Data Acquisitions) systems are the most important components for the control of processes inside a critical infrastructure. A recent report published by Dell revealed a 100 percent increase in the number of attacks on industrial control (SCADA) systems.

The new Dell Annual Threat Report revealed that the number of attacks against supervisory control and data acquisition (SCADA) systems doubled in 2014 respect the previous year.

Unfortunately, the majority of incidents occurred in SCADA systems is not reported. The experts confirmed that in the majority of attacks are conducted by politically motivated APT groups. The knowledge of the model of SCADA system deployed in a critical infrastructure could allow an attacker to run a targeted attack through a specifically designed malware, Stuxnet was developed with the intent to interfere with Iranian nuclear program by infecting control systems at the Natanz nuclear plant.

SCADA systems are everywhere, from water facilities to nuclear plants, their protection is an essential part of a cyber strategy of any government. They were relatively unknown, even to information security experts, that was until

Idan Aharoni, founder & CEO of Inteller intelligence firm, have discovered the availability in the underground of information related to SCADA systems, including its credentials. The circumstance is disconcerting because this information in the wrong hands could represent a serious threat for the Homeland Security.

The expert discovered fraudsters claiming to have access to several SCADA systems, in order prove it, they posted screen shot from a supposedly compromised component.

The following image appears to be from a SCADA system in France, the expert speculates that is part of the control system of some hydroelectric generator.

The fraudster also shared three IP addresses and VNC passwords (remote desktop) to other three SCADA systems, the analysis of the IP addresses revealed that they belong to France Carries Orange FR and Keyyo.

“the fact that compromised SCADA systems are now offered for sale for anyone to purchase, including jihadists and hacktivists, should not be taken lightly.” wrote Aharoni.

The discovery is disconcerting because groups of terrorists, cyber criminals and state-sponsored hackers could gain access to the SCADA system causing serious damages.

Pierluigi Paganini

(Security Affairs – SCADA, underground)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise…

9 hours ago

Meta stopped covert operations from Iran, China, and Romania spreading propaganda

Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread…

1 day ago

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major…

2 days ago

ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its…

2 days ago

Victoria’s Secret ‘s website offline following a cyberattack

Victoria’s Secret took its website offline after a cyberattack, with experts warning of rising threats…

2 days ago

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a…

3 days ago