Industrial control systems (ICS) continues to be a privileged target of hackers. According to IBM Managed Security Services, the number of cyber attacks increased by 110 percent in 2016 compared to 2015.
According to the researchers from IBM, the spike is associated with a significant increase to brute force attacks on supervisory control and data acquisition (SCADA) systems.
IBM notices an increase in ICS traffic caused by SCADA brute-force attacks, unfortunately in some cases systems are exposed on the Internet with default credentials or weak passwords.
IBM warns of the availability of a penetration testing framework named smod that was used in a large number of attacks. The tool was published on the GitHub repository in January 2016, it allows to assess the Modbus serial communications protocol. It could also be used by attackers to power brute-force attacks.
“In January 2016, GitHub released a penetration testing solution that contained a brute-force tool that can be used against Modbus, a serial communication protocol. The public release and subsequent use of this tool by various unknown actors likely led to the rise in malicious activity against ICS in the past 12 months.” states the blog post published by IBM Managed Security Services.
The analysis of the sources of the attacks revealed that threat actors in the US accounted for the majority of ICS attacks in 2016 (60%), followed by Pakistan (20%), and China (12%). The United States also topped the list of the top 5 destination countries, this data is considered normal by experts because the US has the largest number of internet-connected ICS systems in the world.
The report mentions the following three notable ICS attacks occurred in the last years.
The report warns organization in any industry of cyber attacks against ICS system and urges the adoption of necessary countermeasures.
“Organizations across all verticals must take full responsibility for protecting their own assets and consumers. There should be no exceptions, since the best way to keep adversaries out of an ICS is to implement simple safeguards, best practices and risk management solutions.” states the report.
(Security Affairs – ICS attacks, SCADA)