Supervisory Control and Data Acquisition (SCADA) Systems serve as the heart of manufacturing facilities that monitor, control and assess processes. And they are now a prime target for hackers who have upped their game with a variety of evolving DDoS attacks and dynamic malware.
Malware known as Triton is one of the latest, most dangerous, iterations that attackers have aimed at these systems. Yet, despite the cyber security calamities that have occurred over the last couple of years, SCADA systems are still not buttoned up. Hackers are now targeting these once air-gapped systems in hopes of a variety of outcomes, including:
- Espionage.
- Interruption of services.
- To cause catastrophic events.
INSINIA researchers recently demonstrated how these systems could be compromised from the inside with just four lines of code during a presentation at the BSides London conference.
The Challenges Ahead
It is not the big things that will trip up these systems, rather it is the mundane, usual things such as patching, outdated software and targeted attacks. INSINIA researchers have pointed out that most of these systems are still running “hopelessly obsolete” versions of Windows (while most are running Windows 7, some are still stuck on Windows 98). This poses many obvious and glaring security issues, especially for those ‘98 terminals, which could still be vulnerable to vintage hacking tools like Back Orifice.
The challenge that organizations face when running these outdated systems is that they have now connected those systems to the broader IT infrastructure in an effort to gain operational efficiency and effectiveness. Opening up these once closed systems to the Internet has increased the threat surface exponentially.
Hackers now have the potential to access these systems from both the inside as well as the outside of a facility and change settings or launch Denial-of-Service (DDoS) attacks to overwhelm systems and block local changes from taking effect.
There’s nothing surprising in demonstrating that attackers having the ability to operate inside an organization leads to far easier compromises. It’s a fact that the majority of attacks still come down to people on the inside being tricked into executing malware for the attackers, which enables them to then operate as if they themselves were physically on the inside. As INSINIA reported, it’s a relatively trivial matter to impact SCADA control systems from the inside.
Employees can easily be targeted by cyber criminals utilizing phishing techniques to trick them into executing malware. One little click could be as devastating as having a bomb go off on the factory floor – bringing productivity to a halt, or even more serious consequences. Not only is it important to have security policies and procedures in place, but employees must be well-trained to spot the latest security threats.
This sizable threat, emanating from attackers ranging from regular cybercriminals to nation states, should be the fuel needed for companies operating SCADA systems to race to put tighter security measures in place and implement leading edge technologies.
Organizations vulnerable to such attacks need to ensure they are putting the right protection in place, including real-time automatic DDoS protection, as even small attacks getting through for a short period of time could have serious implications. These small attacks can also serve as smokescreens for other types of attacks occurring at the same time on a system.
Just as cyber criminals are constantly evolving their techniques, businesses must also adapt to keep cyber-attacks from breaking through and creating damaging and costly events.
Sean Newman is Director of Product Management for Corero Network Security. He has worked in the security and networking industry for twenty years, with previous roles at Cisco, Sourcefire, Sophos and 3Com.
