Cyber threats morph again

25. April 2012 16:08

Hackers are using social media and less obvious technical exploits to target a wider variety of computer systems

In 2004, the SQL Slammer virus infected over 75,000 computers in the first ten minutes after a 17-year-old hacker unleashed it on the world from his bedroom. Many of those computers happened to be in critical infrastructure facilities, but the virus did not specifically target industrial control systems (ICS).

Six years later, the Stuxnet virus was discovered and wiped away any remaining illusions about the security of ICS or "security by obscurity."

Cyber security threats facing SCADA and other industrial control systems continue to evolve, and hacking techniques have shifted from frontal assaults to more stealthy approaches. That's the outlook from Jonathan Pollet of Red Tiger Security, who is also an instructor at SANS.

"Denial-of-service attacks are less common now," explained Pollet.

Instead, hackers now look to quietly plant bugs that remain on computer systems below the security radar so that they can collect more information about the target system and construct more sophisticated attacks.

They are also making increasing use of new technologies as well as good old-fashioned social engineering to gain information about the systems they want to infiltrate.

One test conducted by security researchers used a stock photo of a pretty model and a bogus profile to build a network of high-ranking military and government figures. Within two months "Robin Sage" had not only built a formidable number of friends but was also able to get many of them to share sensitive information about the systems they worked with.

"Robin" was a guy, by the way—a small irony in a much larger story, but it points to the capacity for deception that lies in social media networks.

Pollet outlined a few best practices (e.g., whitelisting, device-level firewalls and simply using the authentication capabilities that come with the given system). These can at least keep ICS safe from novices hacking after school. But he also suggested ICS operators go on the offensive and start collecting information not only on cyber security threats and software loopholes but also on the groups who might seek to do them harm.

No system is entirely secure, but as cyber security threats continue to evolve in tandem with the technologies we use in our daily lives, it makes sense that ICS operators would want to move toward a more proactive posture.

