Attacks against industrial control systems double

17.04.2015
Attacks against industrial control systems doubled last year, according to a new report from Dell.

"We have over a million firewalls sending data to us on a minute-by-minute basis," said John Gordineer, director of product marketing for network security at Dell. "We anonymize the data and see interesting trends."

In particular, attacks specifically targeting SCADA industrial control systems rose 100 percent in 2014 compared to the previous year.

[ The future of SCADA-control security ]

Countries most affected were Finland, the U.K. and the U.S.

The most common attack vector against these systems were buffer overflow attacks, said Gordineer.

"They're trying to overwhelm that SCADA system and cause a denial of service," he said. "What they're trying to do is not steal data but shut the devices down. We hypothesize that there's less of a financial motive here than a disruption of service type of motive."

These kinds of attacks don't involve loss of personally identifiable information, so typically aren't reported. In fact, other industrial companies might not even know that the threat exists until they are targeted.

According to Dell, the state of vulnerability is exacerbated by the fact that industrial machine is typically older equipment and isn't well secured against modern networked environments -- and more attacks are likely to come as a result.

The data was collected by the Dell Global Response Intelligence Defense Network, which collects data from more than a million security sensors in over 200 countries, honeypots, data from thousands of firewalls, shared threat intelligence from industry groups and research organizations, and other sources.

The report also covered two other major trends, the increase in malware targeting point-of-sale devices, and the increase in encrypted traffic.

Dell researchers created 13 new point-of-sale malware signatures in 2014, compared to just three in all of 2013.

The majority of these attacks were aimed at the US retail industry.

The malware has also been evolving, using memory scraping and encryption to avoid detection.

Other kinds of malware have been adopting encryption as well, said Gordineer.

"The new exploit kits all have it," he said.

The reason is that there's more encrypted traffic than ever before, making it easier for the malware to hide. By the end of 2014, encrypted traffic accounted for 60 percent of all connections.

Some sites, including Google, Facebook, and Twitter have begun routinely encrypting all traffic in order to protect user privacy and improve security.

The volume of encrypted web connections increased 109 percent last year, and has continued to grow through the first quarter of 2015.

"It creates challenges for corporate security," said Gordineer. "If you have a basic packet filtering firewall in place, it's basically blind to 60 percent of the connections coming in."

(www.csoonline.com)

Maria Korolov

Zur Startseite