Pierluigi Paganini December 28, 2016

According to data provided by IBM Managed Security Services, the number of ICS attacks in 2016 continues to increase worldwide.

Industrial control systems (ICS) continues to be a privileged target of hackers. According to IBM Managed Security Services, the number of cyber attacks increased by 110 percent in 2016 compared to 2015.

According to the researchers from IBM, the spike is associated with a significant increase to brute force attacks on supervisory control and data acquisition (SCADA) systems.

IBM notices an increase in ICS traffic caused by SCADA brute-force attacks, unfortunately in some cases systems are exposed on the Internet with default credentials or weak passwords.

IBM warns of the availability of a penetration testing framework named smod that was used in a large number of attacks. The tool was published on the GitHub repository in January 2016, it allows to assess the Modbus serial communications protocol. It could also be used by attackers to power brute-force attacks.

“In January 2016, GitHub released a penetration testing solution that contained a brute-force tool that can be used against Modbus, a serial communication protocol. The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months.” states the blog post published by IBM Managed Security Services.

The analysis of the sources of the attacks revealed that threat actors in the US accounted for the majority of ICS attacks in 2016 (60%), followed by Pakistan (20%), and China (12%). The United States also topped the list of the top 5 destination countries, this data is considered normal by experts because the US  has the largest number of internet-connected ICS systems in the world.

The report mentions the following three notable ICS attacks occurred in the last years.

• The 2013 New York dam attack. Iranian hackers penetrated the industrial control system of a dam near New York City in 2013, raising concerns about the security of US critical infrastructure.
• The 2015 Ukrainian power outage. Experts speculated the involvement of the Russian Government. According to security experts, the BlackEnergy malware was a key element of the attack against Ukrainian power grid that caused the power outage.
• The 2016 SFG malware attacks. The Labs team at SentinelOne recently discovered a sophisticated malware dubbed Furtim specifically targeting at least one European energy company.

The report warns organization in any industry of cyber attacks against ICS system and urges the adoption of necessary countermeasures.

“Organizations across all verticals must take full responsibility for protecting their own assets and consumers. There should be no exceptions, since the best way to keep adversaries out of an ICS is to implement simple safeguards, best practices and risk management solutions.” states the report.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – ICS attacks, SCADA)

[adrotate banner=”13″]