Obtaining access to SCADA systems is a fundamental step for an attacker who wants to compromise the controlled processes, and contrary to what you might think it is not a rare event.
In the majority of cases SCADA systems are not protected, despite performing a crucial role in process control. By compromising them it is possible to directly cause serious damage to real-life infrastructures; SCADA hacking is the classic example of the real-world impact of attacks originating in cyberspace.
Following is an interesting proof of concept of attacks against Echelon SCADA systems that I found on the internet, starting with the architecture of the Echelon iLON100 SCADA system.
To start target identification the search must be limited to a specific IP range on which to run the final scan. To identify the range the hacker proposes an ISP as an example:
The targets are chosen by analyzing the server responses, in particular all the responses whose HTTP headers carry the value WindRiver-WebServer for the Server attribute and Basic realm="i.LON" for WWW-Authenticate.
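The same two indicators can be checked mechanically, which is also how an operator would audit their own address space (or a set of Shodan banners) for exposed devices before an attacker does. The following is an added example, not code from the original post; the responses are constructed and the addresses are documentation ranges.

```python
"""Fingerprint i.LON web interfaces from raw HTTP responses.

Added example: the responses below are constructed, not scan output, and
the addresses are documentation ranges. The two indicators (Server header
and Basic-auth realm) are the ones quoted in the post.
"""
import re

SAMPLE_RESPONSES = {
    "192.0.2.10": (                      # matches both indicators
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: WindRiver-WebServer\r\n"
        'WWW-Authenticate: Basic realm="i.LON"\r\n'
        "Content-Length: 0\r\n\r\n"
    ),
    "192.0.2.11": (                      # ordinary web server, no auth challenge
        "HTTP/1.1 200 OK\r\n"
        "Server: Apache/2.2.3\r\n"
        "Content-Type: text/html\r\n\r\n"
    ),
    "192.0.2.12": (                      # same embedded server, different product
        "HTTP/1.1 401 Unauthorized\r\n"
        "Server: WindRiver-WebServer\r\n"
        'WWW-Authenticate: Basic realm="router"\r\n\r\n'
    ),
    "192.0.2.13": (                      # sloppy banner: odd case and spacing, no body
        "HTTP/1.0 401 Unauthorized\r\n"
        "server:  windriver-webserver\r\n"
        'www-authenticate: Basic realm="i.LON"\r\n'
    ),
}

REALM_RE = re.compile(r'realm\s*=\s*"?([^",]*)"?', re.IGNORECASE)


def parse_headers(raw):
    """Return {lower-cased header name: value} for the header block of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # [0] is the status line
        if ":" not in line:
            continue                         # tolerate junk lines in banners
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def basic_realm(headers):
    """Realm of a Basic challenge, or None if the response is not a Basic challenge."""
    challenge = headers.get("www-authenticate", "")
    if not challenge.lower().startswith("basic"):
        return None
    m = REALM_RE.search(challenge)
    return m.group(1) if m else None


def is_ilon(raw):
    """True when both indicators from the post are present."""
    h = parse_headers(raw)
    return (h.get("server", "").lower() == "windriver-webserver"
            and (basic_realm(h) or "").lower() == "i.lon")


def find_targets(responses):
    """Addresses whose response matches the i.LON fingerprint, sorted."""
    return sorted(ip for ip, raw in responses.items() if is_ilon(raw))


if __name__ == "__main__":
    for ip in find_targets(SAMPLE_RESPONSES):
        print("i.LON fingerprint:", ip)
```

Header names are matched case-insensitively because embedded web servers are not always consistent, and the Server header alone is deliberately not enough: the third response runs the same WindRiver web server but presents a different realm and is not reported.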
The targets selected with the method described run Echelon SmartServer 2.0, which is affected by a couple of vulnerabilities, one totally new (a 0-day) and one disclosed some time ago. More information on the i.LON system is available at the following address:
http://www.lon-catalog.ru/
After a few searches on the internet the hacker found source code for WindRiver firewalls on the following website:
The exploit
Once the final target has been analyzed, the attacker only has to execute the exploit against it. The post reports: "Then you should have the admin panel to change everything on the box".
The post reports a list of devices directly controlled from the admin console of the SCADA system; it is possible to note that its main use is for heating purposes.
By accessing a single device it is possible to set its operating parameters. Imagine the effects on industrial processes, or on a SCADA system inside a nuclear plant... it has already happened and it could happen again!
The steps proposed are very simple and demonstrate how vulnerable critical infrastructures are. Many security experts believe that the most complicated phase is the search for targets, that is, SCADA systems exposed on the internet for various reasons. That's wrong!
Many hackers use the "Shodan Computer Search Engine" to find SCADA systems exposed on the internet; the popular website also provides a useful series of information on the possible targets. Many of these systems lack proper authentication mechanisms and in many cases are not updated.
Shodan is the equivalent of Google for the machines exposed on the internet: it is a search engine for servers, routers, load balancers and any other network device.
"Search results include information like HTTP server responses to GET requests, FTP and Telnet service banners and client/server messages exchanged during login attempts, and SSH banners (including server versions)."
It is fundamental that governments improve their cyber strategies to protect SCADA systems, requiring compliance with strict security regulations to ensure their protection and prevent external attacks. Basic mitigations for operators include:
• Deploy secure remote access methods such as Virtual Private Networks (VPNs) for remote access
• Remove, disable, or rename any default system accounts (where possible)
• Implement account lockout policies to reduce the risk from brute forcing attempts
• Implement policies requiring the use of strong passwords
• Monitor the creation of administrator level accounts by third-party vendors
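The lockout recommendation above is the one that directly breaks the password-guessing step of the walkthrough, since the i.LON admin panel sits behind HTTP Basic authentication. Below is an added example of that logic, not code from the post or from any Echelon product: it replays constructed Common Log Format access-log lines, counts 401 responses per source address in a sliding window, and refuses further requests from a source once it is locked, even if the next guess would have been correct. The threshold, window and lockout duration are assumptions chosen for illustration.

```python
"""Account-lockout logic for an HTTP Basic-auth admin interface, run over
constructed web-server access-log lines (Common Log Format).

Added example: the 401 threshold, the 60-second window, the 15-minute
lockout, the /admin path and the log contents are assumptions chosen for
illustration, not values from the original post or from any Echelon product.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log: one source guesses the admin password five times in a row
# and gets it right on the sixth try; a second source fails once, then logs in
# correctly a few minutes later.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Dec/2012:10:00:01 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.7 - - [02/Dec/2012:10:00:02 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.7 - - [02/Dec/2012:10:00:03 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.7 - - [02/Dec/2012:10:00:04 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.7 - - [02/Dec/2012:10:00:05 +0000] "GET /admin HTTP/1.1" 401 0
198.51.100.7 - ilon [02/Dec/2012:10:00:06 +0000] "GET /admin HTTP/1.1" 200 4123
203.0.113.5 - - [02/Dec/2012:10:00:10 +0000] "GET /admin HTTP/1.1" 401 0
203.0.113.5 - ilon [02/Dec/2012:10:05:00 +0000] "GET /admin HTTP/1.1" 200 4123
"""

LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) \S+$')


def parse_line(line):
    """Parse one CLF line into (ip, user, timestamp, status); None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, user, ts, _request, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, user, when, int(status)


def detect_lockouts(lines, threshold=5, window=timedelta(seconds=60),
                    lockout=timedelta(minutes=15)):
    """Sliding-window brute-force detector with a per-source lockout.

    Returns (locks, blocked): locks is a list of (ip, time) at which a lock
    was raised; blocked is a list of (ip, time, status) for requests that
    arrived while the source was locked, whatever the server's answer was.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent 401s
    locked_until = {}               # ip -> datetime when the lock expires
    locks, blocked = [], []

    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                # skip malformed lines rather than crash
        ip, _user, when, status = rec

        if ip in locked_until and when < locked_until[ip]:
            blocked.append((ip, when, status))   # rejected even if it was the right password
            continue

        if status != 401:
            continue                # only failed authentications count

        q = failures[ip]
        q.append(when)
        while q and when - q[0] > window:        # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            locks.append((ip, when))
            locked_until[ip] = when + lockout
            q.clear()

    return locks, blocked


if __name__ == "__main__":
    locks, blocked = detect_lockouts(SAMPLE_LOG.splitlines())
    for ip, when in locks:
        print(f"lock {ip} at {when.isoformat()}")
    for ip, when, status in blocked:
        print(f"blocked {ip} at {when.isoformat()} (server would have answered {status})")
```

On the sample log the first source is locked at its fifth failure and its sixth request, the successful guess, is refused; the second source never reaches the threshold and logs in normally. The same counting can be done per account instead of per source address when the log records the user name on failures.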
If you think that SCADA systems are secure today, or in case you are not yet convinced of the criticality of the problem, let me suggest you watch the video "ReVuln - SCADA 0-day vulnerabilities".
It is a showcase of some SCADA 0-day exploits owned by the ReVuln security company; the 0-day vulnerabilities are all server-side and remotely exploitable. The video shows issues affecting the following vendors: General Electric, Schneider Electric, Kaskad, ABB/Rockwell, Eaton, Siemens... nobody is secure. Note that many other 0-day vulnerabilities owned by ReVuln affecting other well-known SCADA/HMI vendors have not been included in this video.
The attackers "can take control of the machine with the maximum privileges (SYSTEM on Windows) granted by the affected service," said ReVuln co-founder and security researcher Luigi Auriemma. "They can install rootkits and other types of malware or obtain sensitive data (like passwords used on other computers of the same network) and obviously they can control the whole infrastructure."
As you can imagine, the situation is very concerning!