Attacks against industrial control systems double


21 April 2015

Attacks against industrial control systems doubled last year, according to a new report from Dell.

“We have over a million firewalls sending data to us on a minute-by-minute basis,” said John Gordineer, director of product marketing for network security at Dell. “We anonymise the data and see interesting trends.”

In particular, attacks specifically targeting SCADA industrial control systems rose 100% in 2014 compared to the previous year.

The countries most affected were Finland, the UK and the US. The most common attack vector against these systems was the buffer overflow, said Gordineer.

“They’re trying to overwhelm that SCADA system and cause a denial of service,” he said. “What they’re trying to do is not steal data but shut the devices down. We hypothesise that there’s less of a financial motive here than a disruption of service type of motive.”

These kinds of attacks do not involve loss of personally identifiable information, so typically aren’t reported. In fact, other industrial companies might not even know that the threat exists until they are targeted.

According to Dell, the state of vulnerability is exacerbated by the fact that industrial machinery is typically older equipment and is not well secured against modern networked environments, and more attacks are likely to come as a result.

The data was collected by the Dell Global Response Intelligence Defence Network, which collects data from more than a million security sensors in over 200 countries, honeypots, data from thousands of firewalls, shared threat intelligence from industry groups and research organisations, and other sources.

The report also covered two other major trends: the increase in malware targeting point-of-sale devices, and the increase in encrypted traffic. Dell researchers created 13 new point-of-sale malware signatures in 2014, compared to just three in all of 2013.

The majority of these attacks were aimed at the US retail industry.

The malware has also been evolving, using memory scraping and encryption to avoid detection. Other kinds of malware have been adopting encryption as well, said Gordineer.

“The new exploit kits all have it,” he said.

The reason is that there is more encrypted traffic than ever before, making it easier for the malware to hide. By the end of 2014, encrypted traffic accounted for 60% of all connections.

Some sites, including Google, Facebook, and Twitter, have begun routinely encrypting all traffic in order to protect user privacy and improve security.

The volume of encrypted web connections increased 109% last year, and has continued to grow through the first quarter of 2015.

“It creates challenges for corporate security,” said Gordineer. “If you have a basic packet filtering firewall in place, it’s basically blind to 60% of the connections coming in.”

 

 

Maria Korolov, IDG News Service


TechCentral.ie