Saturday, 14 March 2015

US Sees 245 Successful Attacks On industrial Systems


US industrial systems include critical infrastructure faced last year with 245 successful attacks. That the Industrial Control Systems Cyber ​​Emergency Response Team (ICS-CERT) of the Department of Homeland Security in a new report ( pdf ) let you know.

Most attacks were directed against the energy sector. Furthermore, 55% of the 245 reported incidents would be the work of advanced persistent threats (APT) or "sophisticated actors" are. Other incidents appeared the work of hacktivists, insiders and criminals. In many cases, the attackers because of lack of data could not be traced.

Attack Methods

The attackers used different ways to access the systems, such as the use of zero-day vulnerabilities in control systems and software, SQL Injection in Web applications, network scans, spear phishing and "watering hole attacks." There were also incidents of control systems that were not connected to the Internet, the so-called air-gapped systems were infected with malware. It may be used for this purpose infected removable media.

In most cases it is unknown how the attackers gained access to the systems. ICS-CERT further argues that the actual number of incidents is probably higher than the 245 incidents reported. Organizations in the vital infrastructure are therefore urged to report all incidents, even when there is no need support, so that any other incidents can be found and the method of attackers is clear.

No comments:

Post a Comment