This week, researchers in the United States have identified 25 zero-day vulnerabilities in industrial control software, specifically SCADA software, from a single vendor. Most of the 25 would not let an attacker render the servers completely unable to control the utilities they manage, but the researchers note that the most severe of them would, allowing an attacker to take control of the whole system. Nine of the vulnerabilities, identified by researchers working with industrial consultants Automatak, have so far been reported to the vendor and to the US Department of Homeland Security.
Ross Brewer, vice president and managing director for international markets at LogRhythm, commented:
“While cyber attacks on SCADA systems may be rare when compared to the extraordinary number of incidents involving web applications or enterprise IT networks, the damage they are able to cause is disproportionately severe. The software is primarily responsible for critical operations and national infrastructures and, if exploited, could seriously damage the operations of electricity, water and power suppliers. The potential implications of a hack are terrifying and could not only result in the loss of data but also cause damage to physical assets and, in certain scenarios, the loss of life.
“SCADA systems are potentially more vulnerable to exploitation given that, when they were developed, internet use was yet to explode. The focus of control system security has therefore been typically limited to physical assets, rather than cyber security. Some of the most notorious cyber attacks in recent years – such as the Stuxnet and Flame viruses – have been SCADA breaches, and it is clear that there is still potential for similar hacks due to lax security policies. Organisations and governments alike must see these latest discoveries as a sign to take urgent and swift action to build up their own defences.
“Traditional perimeter cyber security tools, such as anti-virus software, have proven their shortcomings time and time again. The Flame virus, for example, avoided detection by 43 different anti-virus tools and took more than two years to detect. Instead, organisations must have tools in place that allow them to identify threats, respond and expedite forensic analysis in real time. To achieve this, continuous monitoring of all log data generated by IT systems is required in order to automatically baseline normal, day-to-day activity across systems and multiple dimensions of the IT estate and identify any and all anomalous activity immediately. With increased computerisation, critical infrastructure services become far more vulnerable, and without advanced levels of protection it could be lights out, and worse, for all.”
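The quote closes on baselining normal, day-to-day activity from log data and flagging anything that departs from it. The following is an added illustration of that idea, not part of the article and not LogRhythm's code: it builds a per-flow baseline from a few days of constructed control-network log lines and then flags, for a new day, flows that were never seen before (a new host, or a write function code from a host that only ever read) and flows whose volume is far above their historical mean. The log format, host names and Modbus function codes are assumptions chosen for the example.

```python
"""Baseline-and-anomaly detection over control-network logs (added example).

Assumed log format, one record per poll or write (not any vendor's format):
    <YYYY-MM-DD> <src-host> -> <dst-host> modbus fc=<function code>
"""
import re
import statistics
from collections import Counter, defaultdict

LOG_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) (?P<src>\S+) -> (?P<dst>\S+) modbus fc=(?P<fc>\d+)$"
)


def parse(line):
    """Return (day, (src, dst, fc)) or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m["day"], (m["src"], m["dst"], int(m["fc"]))


def daily_counts(lines):
    """Count each (src, dst, fc) flow per day -> {day: Counter}."""
    per_day = defaultdict(Counter)
    for line in lines:
        parsed = parse(line)
        if parsed:
            day, flow = parsed
            per_day[day][flow] += 1
    return per_day


def build_baseline(lines):
    """Per flow, the list of daily counts over the baseline period (0 on absent days)."""
    per_day = daily_counts(lines)
    days = sorted(per_day)
    flows = set().union(*per_day.values()) if per_day else set()
    return {flow: [per_day[d][flow] for d in days] for flow in flows}


def detect(baseline, new_lines, k=3.0):
    """Return [(flow, count, reason)] for one day's logs.

    Two checks: a flow absent from the baseline is always reported; a known flow is
    reported when its count exceeds mean + k * stdev. The stdev is floored at 1 so a
    perfectly constant baseline does not turn a single extra poll into an alarm.
    """
    findings = []
    today = Counter()
    for line in new_lines:
        parsed = parse(line)
        if parsed:
            today[parsed[1]] += 1
    for flow, count in sorted(today.items()):
        if flow not in baseline:
            findings.append((flow, count, "never seen in baseline"))
            continue
        hist = baseline[flow]
        mean = statistics.fmean(hist)
        sd = max(statistics.pstdev(hist), 1.0)
        if count > mean + k * sd:
            findings.append((flow, count, f"count {count} exceeds mean {mean:.1f} + {k}*sd"))
    return findings


def synth(day, src, dst, fc, n):
    """Constructed log lines: n identical records for one flow on one day."""
    return [f"{day} {src} -> {dst} modbus fc={fc}"] * n


# Constructed baseline: five routine days. The HMI reads holding registers (fc 3)
# from two PLCs; an engineering workstation occasionally writes registers (fc 16).
BASELINE_DAYS = ["2013-10-14", "2013-10-15", "2013-10-16", "2013-10-17", "2013-10-18"]
BASELINE_LINES = []
for _day, _r1, _r2, _w in zip(BASELINE_DAYS, [100, 102, 98, 101, 99], [50, 51, 49, 50, 50], [2, 0, 1, 0, 1]):
    BASELINE_LINES += synth(_day, "hmi", "plc-1", 3, _r1)
    BASELINE_LINES += synth(_day, "hmi", "plc-2", 3, _r2)
    BASELINE_LINES += synth(_day, "eng-ws", "plc-1", 16, _w)

# Constructed test day: normal reads, a burst of 40 writes from the engineering
# workstation, and a host that has never appeared issuing a coil write (fc 5).
DAY_LINES = (
    synth("2013-10-21", "hmi", "plc-1", 3, 100)
    + synth("2013-10-21", "hmi", "plc-2", 3, 50)
    + synth("2013-10-21", "eng-ws", "plc-1", 16, 40)
    + synth("2013-10-21", "unknown-laptop", "plc-2", 5, 3)
)

if __name__ == "__main__":
    for flow, count, reason in detect(build_baseline(BASELINE_LINES), DAY_LINES):
        print(f"{flow[0]} -> {flow[1]} fc={flow[2]}: {reason}")
```

The two normal read flows pass; the write burst and the unknown host are reported. In practice the baseline window would be longer, keyed on more dimensions than source, destination and function code, and recomputed as the plant's routine changes, but the shape of the check is the one the quote describes.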