Attacks against industrial control systems double

Attacks against industrial control systems doubled last year, according to a new report from Dell.

"We have over a million firewalls sending data to us on a minute-by-minute basis," said John Gordineer, director of product marketing for network security at Dell. "We anonymize the data and see interesting trends."

In particular, attacks specifically targeting SCADA industrial control systems rose 100 percent in 2014 compared to the previous year.

Countries most affected were Finland, the U.K. and the U.S.

The most common attack vector against these systems was the buffer overflow, said Gordineer.

"They're trying to overwhelm that SCADA system and cause a denial of service," he said. "What they're trying to do is not steal data but shut the devices down. We hypothesize that there's less of a financial motive here than a disruption of service type of motive."

These kinds of attacks don't involve loss of personally identifiable information, so they typically aren't reported. In fact, other industrial companies might not even know that the threat exists until they are targeted.

According to Dell, the state of vulnerability is exacerbated by the fact that industrial machinery is typically older equipment and isn't well secured against modern networked environments -- and more attacks are likely to come as a result.

The data was collected by the Dell Global Response Intelligence Defense Network, which collects data from more than a million security sensors in over 200 countries, honeypots, data from thousands of firewalls, shared threat intelligence from industry groups and research organizations, and other sources.

The report also covered two other major trends: the increase in malware targeting point-of-sale devices, and the increase in encrypted traffic.

Dell researchers created 13 new point-of-sale malware signatures in 2014, compared to just three in all of 2013.

The majority of these attacks were aimed at the US retail industry.

The malware has also been evolving, using memory scraping and encryption to avoid detection.

Other kinds of malware have been adopting encryption as well, said Gordineer.

"The new exploit kits all have it," he said.

The reason is that there's more encrypted traffic than ever before, making it easier for the malware to hide. By the end of 2014, encrypted traffic accounted for 60 percent of all connections.

Some sites, including Google, Facebook, and Twitter, have begun routinely encrypting all traffic in order to protect user privacy and improve security.

The volume of encrypted web connections increased 109 percent last year, and has continued to grow through the first quarter of 2015.

"It creates challenges for corporate security," said Gordineer. "If you have a basic packet filtering firewall in place, it's basically blind to 60 percent of the connections coming in."
