ICS attacks rise in 2016, according to report

A report by IBM Managed Security Services said that industrial control systems (ICS) attacks with the largest rise coming from brute force attacks on supervisory control and data acquisition (SCADA) systems.

By Gregory Hale, ISSSource February 24, 2017

Industrial control systems (ICS) attacks jumped by 110% in 2016, said researchers at IBM Managed Security Services. The main culprit was brute force attacks on supervisory control and data acquisition (SCADA) systems.

Attackers used a penetration testing tool, Smod, which was available on GitHub since last January. It can conduct a security assessment of the Modbus serial communications protocol and it includes brute-force capabilities.

“The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months,” said Dave McMillen, senior threat researcher at IBM Managed Security Services.

The United States was the top source and top destination of ICS attacks observed by IBM since the beginning of 2016 until the end of November.

Researchers said the reason for the attacks was because the U.S. has the largest number of Internet-connected ICS systems.

Sixty percent of the attacks came from the U.S., followed by Pakistan (20%), China (12%), the Netherlands (5%) and India (4%). Nearly 90% of ICS attacks focused on the United States, with China, Israel, Pakistan, and Canada also on the list.

IBM described three ICS attacks that made headlines.

One of them is the 2013 New York dam attack divulged by the U.S. Justice Department in March, McMillen said. Authorities said Iranian hackers compromised the system used to control the dam.

Another high-profile attack was the Ukrainian energy sector in December 2015. The attacks, attributed to the Russian government, caused severe power outages. Similar outages occurred this year, but Ukraine has yet to confirm they were cyberattacks.

The SFG malware, discovered in June 2016 on the networks of a European energy company, created a backdoor on targeted industrial control systems, McMillen said. The backdoor delivered a payload, “Used to extract data from or potentially shut down the energy grid.”

The Windows-based SFG malware is designed to bypass traditional antivirus software and firewalls. It contains all the hallmarks of a nation-state attack, likely of Eastern European origin.

“Government and private institutions around the world are starting to focus on mitigating risk to ICS,” McMillen said. Cybercriminals are developing new threats on a daily basis that could result in catastrophic utility outages.

The threat to ICS permeates across a nation’s entire economy and infrastructure, McMillen said. Organizations across all verticals must take responsibility for protecting their own assets and consumers.

“The best way to keep adversaries out of an ICS is to implement simple safeguards, best practices and risk management solutions,” he said.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineeringcvavra@cfemedia.com.

ONLINE extra

See additional stories from ISSSource about the IIoT linked below.

Original content can be found at www.isssource.com.