Security researchers revealed this week that a large number of security flaws have been discovered in industrial control software. Italian security company ReVuln revealed that SCADA software in particular contained multiple zero-day vulnerabilities. SCADA software and applications are used to run critical systems and are therefore becoming an extremely popular target of cyber activism or cyber terrorism.
Matt Middleton-Leal, regional director, UK & Ireland at Cyber-Ark, has made the following comments: “We are starting to see evidence of cyber attackers tapping into malware to penetrate, spy on, disrupt, and even bring down critical infrastructures, such as programmes run on SCADA. We appear to be moving into an era of cyber-warfare, where highly advanced attacks are being launched by nation states to indirectly and directly affect one another – with Flame providing a recent example of malware being used as a tool in state-sponsored cyber espionage. There’s also a blurring of the line between cyber-activism and cyber-terrorism, as major damage is frequently caused by small, focused groups.
“Legacy systems and applications which house this type of sensitive information will inherently contain weaknesses and vulnerabilities. The speed of change within the industry makes it very hard for industrial systems to keep up with new types of attacks targeted at critical systems. Built-in flaws such as the existence of unmanaged privileged and shared administrative accounts make life all too easy for those wishing to execute an attack on critical infrastructure. These types of accounts provide attackers the most effective way to gain widespread and anonymous access to the network. Yet despite the immense importance of such accounts to a network’s security, these access points are often poorly protected with default or weak passwords.
“If made use of, these vulnerable access points can be exploited to remotely wreak havoc by disrupting power supplies, impeding oil and gas pipeline flows, or even by installing malware, which can lurk hidden in the system and re-emerge later for follow-on impact. With this in mind, it is vital that organisations proactively safeguard all privileged accounts existing in their IT and operational technology environments.
“Ignoring these accounts can have serious consequences. Take, for example, the recent case of Schneider Electric – where insecure passwords securing a factory log-in account effectively provided a ‘back door’ to one of the most popular types of smart meters. Organisations are urgently urged to ensure that they are taking a holistic approach to data security, securing traditional IT systems, SCADA, ICSs and their process controllers with a centralised system capable of controlling, managing, monitoring and reporting on all remote and privileged account access.”