1. Home

ICS vulnerabilities can be more easily exploited than previously thought

Aug. 4, 2011
On August 1, DHS issued a bulletin on the Anonymous hacker group -DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods:
Anonymous has stated its intent to target companies related to certain Critical Infrastructure / Key Resources sectors. Future attacks are likely to continue but will likely remain limited in scope due to a lack of advanced capabilities. Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks.
On August 1, DHS issued a bulletin on the Anonymous hacker group -DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods:
Anonymous has stated its intent to target companies related to certain Critical Infrastructure / Key Resources sectors. Future attacks are likely to continue but will likely remain limited in scope due to a lack of advanced capabilities. Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks. This does not take into account the possibility of a higher-level actor providing LulzSec or Anonymous more advanced capabilities. Therefore, it may be advisable to adjust monitoring of both internal and external resources for indications of a pending or ongoing attack on cyber or telecommunications networks.

There are several mistaken assumptions about cyber vulnerabilities of control systems – they are much more vulnerable:
- Zero days are the worst case. This is not true as many ICS are still vulnerable to older exploits.
- You need advanced hacking skills to attack control systems. This is not true as can be seen with Dillon Berensford (minimal ICS experience), Ralph Langner (14 bytes to take control), systems running connected to the Internet with no password (Jonathan Pollet’s presentation at BlackHat), etc. 

Don’t take the Anonymous group or others with supposed lack of advanced hacking skills too lightly.
Joe Weiss

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

Latest from Home

shutterstock_2555910325
Shutterstock.com
Coriolis and ultrasonic flowmeters are best suited for flow measurement in green hydrogen applications.

Most Read

Sponsored