Who is attacking industrial control systems?
Posted on 18 March 2013.
Since the discovery of Stuxnet, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks have received a fair share of attention from researchers and attackers alike.

Introduced decades ago when security was not that great a concern and when most of them weren't connected to the Internet or to a LAN, these systems are now getting bolt-on security. Realistically, problems related to this are only starting.

If you don't believe that these systems make such great targets, consider the results of a recent report by a Trend Micro researcher who set up honeypot architecture emulating a number of of SCADA and ICS devices and featuring typical vulnerabilities found on similar systems.

Accessible from the Internet through simple Google searches (as many of these systems are), his honeypots were targeted both by automated and targeted attacks, and it took only 18 hours for the first one to be detected.

"Out of these 39 attacks, 12 were unique and could be classified as 'targeted' while 13 were repeated by several of the same actors over a period of several days and could be considered 'targeted' and/or 'automated.' All of these attacks were prefaced by port scans performed by the same IP address or an IP address in the same /27 netblock," says Threat Researcher Kyle Wilhoit.

Unsurprisingly, 35 percent of these attacks originated in China, and 19 percent in the United States. All other "players" didn't surpass the one digit limit, except for a unexpected "third place" occupied by hits from Laos:

Wilhoit also made a list of different types of attacks that were attempted (including spearphishing a site administrator) and covered good advice for preventing them. He also included a lot of details concerning the setup of such honeypots.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th