Who is attacking industrial control systems?
Posted on 18 March 2013.
Since the discovery of Stuxnet, industrial control systems (ICS) and supervisory control and data acquisition (SCADA) networks have received a fair share of attention from researchers and attackers alike.

Introduced decades ago when security was not that great a concern and when most of them weren't connected to the Internet or to a LAN, these systems are now getting bolt-on security. Realistically, problems related to this are only starting.

If you don't believe that these systems make such great targets, consider the results of a recent report by a Trend Micro researcher who set up honeypot architecture emulating a number of of SCADA and ICS devices and featuring typical vulnerabilities found on similar systems.

Accessible from the Internet through simple Google searches (as many of these systems are), his honeypots were targeted both by automated and targeted attacks, and it took only 18 hours for the first one to be detected.

"Out of these 39 attacks, 12 were unique and could be classified as 'targeted' while 13 were repeated by several of the same actors over a period of several days and could be considered 'targeted' and/or 'automated.' All of these attacks were prefaced by port scans performed by the same IP address or an IP address in the same /27 netblock," says Threat Researcher Kyle Wilhoit.

Unsurprisingly, 35 percent of these attacks originated in China, and 19 percent in the United States. All other "players" didn't surpass the one digit limit, except for a unexpected "third place" occupied by hits from Laos:

Wilhoit also made a list of different types of attacks that were attempted (including spearphishing a site administrator) and covered good advice for preventing them. He also included a lot of details concerning the setup of such honeypots.


Email scammers stole $215M from businesses in 14 months

Posted on 29 January 2015.  |  In 14 months there have been nearly 1200 US and a little over 900 non-US victims of BEC scams, and the total money loss reached nearly $215 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Jan 30th