Although organizations continue to increase IT security spending to address the rising number of damaging, high-profile security breaches, cyber attacks against industrial targets—including power plants, factories and refineries—increased 100 percent in the past year, according to a new study conducted by computer technology company Dell.
The 2015 Dell Security Annual Threat Report stated attacks against supervisory control and data acquisition (SCADA) systems more than doubled from 2013 to 2014. Specifically, Dell saw worldwide SCADA attacks increase from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014.
The majority of these attacks targeted Finland, the United Kingdom and the United States, likely because SCADA systems are more common in these regions. The report indicated that, unlike point-of-sale (POS) attacks, which tend to be financial in nature, SCADA attacks are political.
Buffer overflow vulnerabilities were the primary method used to attack SCADA systems, accounting for 25 percent of the attacks. Other key SCADA attack methods included improper input validation (9 percent), information exposure (9 percent), resource management errors (8.26 percent), and permissions, privileges and access controls (7.44 percent).
Unfortunately, SCADA attacks often go unreported, since companies are only required to report security breaches involving personal or payment information. Consequently, industrial companies may be unaware a SCADA threat exists until they are targeted themselves.
Similarly, Homeland Security Today recently reported that the 245 cyber incidents reported to the Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in 2014 represented only the number of incidents reported to ICS-CERT, and not the total number of attacks on US critical infrastructure. Many incidents go unreported.
Patrick Sweeney, executive director of Dell Security, said, "This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years."
SCADA attacks can have devastating consequences for the economy and national security. For example, the Stuxnet computer worm that ravaged one-fifth of the nuclear centrifuges at Iran’s chief nuclear facility was one of the first examples of the devastating impact of an attack on SCADA systems.
As Homeland Security Today previously reported, estimates indicate the worm destroyed up to 1,000 uranium enrichment centrifuges at Natanz, Iran’s primary nuclear plant. The attackers ended up losing control of the worm, which infected hundreds of thousands of computers in addition to its designated targets. After infecting Natanz, Stuxnet became known as a harbinger of a new era of highly sophisticated state-sponsored attacks on industrial control systems.
The report recommended a number of ways to protect against SCADA attacks, including restricting USB ports if they aren’t necessary, ensuring Bluetooth is disabled, making sure all software and systems are up to date and ensuring that the network only allows connections with approved IPs. In addition, reporting and sharing information about SCADA attacks can help ensure the industrial community as a whole is appropriately aware of emerging threats.
"Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed," Sweeney said. "Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones."
Other trends reported by Dell include a surge in POS malware and attacks, as well as a dramatic increase in SSL and TLS encrypted Internet traffic. Forrester Research noted, "The major breaches of 2013 and 2014 brought to the fore the lack of security surrounding POS systems, the risks involved with third parties and trusted business partners, and the new attack vectors opened through critical vulnerabilities such as Heartbleed."
"Malware targeting POS systems is evolving drastically, and new trends like memory scraping and the use of encryption to avoid detection from firewalls are on the rise," Sweeney said. "To guard against the rising tide of breaches, retailers should implement more stringent training and firewall policies, as well as re-examine their data policies with partners and suppliers."