ICS vulnerabilities can be more easily exploited than previously thought

    Aug. 4, 2011
    On August 1, DHS issued a bulletin on the Anonymous hacker group -DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods:
    Anonymous has stated its intent to target companies related to certain Critical Infrastructure / Key Resources sectors. Future attacks are likely to continue but will likely remain limited in scope due to a lack of advanced capabilities. Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks.
    On August 1, DHS issued a bulletin on the Anonymous hacker group -DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods:
    Anonymous has stated its intent to target companies related to certain Critical Infrastructure / Key Resources sectors. Future attacks are likely to continue but will likely remain limited in scope due to a lack of advanced capabilities. Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks. This does not take into account the possibility of a higher-level actor providing LulzSec or Anonymous more advanced capabilities. Therefore, it may be advisable to adjust monitoring of both internal and external resources for indications of a pending or ongoing attack on cyber or telecommunications networks.

    There are several mistaken assumptions about cyber vulnerabilities of control systems – they are much more vulnerable:
    - Zero days are the worst case. This is not true as many ICS are still vulnerable to older exploits.
    - You need advanced hacking skills to attack control systems. This is not true as can be seen with Dillon Berensford (minimal ICS experience), Ralph Langner (14 bytes to take control), systems running connected to the Internet with no password (Jonathan Pollet’s presentation at BlackHat), etc. 

    Don’t take the Anonymous group or others with supposed lack of advanced hacking skills too lightly.
    Joe Weiss

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Hands from diverse individuals work together to arrange large gears on a surface, symbolizing cooperation and collective effort for success in a business environment.
    Source: Endress+Hauser
    Endress+Hauser engineer
    adobe_stock_for_emerson_ip

    Most Read

    Sponsored