19 Apr 2015

ICS-CERT Year in Review Report Released

ICS-CERT has released its annual Year in Review report (PDF), which examines the risks posed by the growing number of Industrial Control Systems (ICS) that are connected to the Internet, either intentionally or by mistake.
ICS-CERT reports that it responded to 245 attacks (PDF) against U.S.-based Industrial Control Systems (ICS) in the 2014 fiscal year (October 2013 to September 2014), with nearly one-third of the incidents focused on systems governing energy production and distribution.
Of the reported attacks, 32% targeted the Energy Sector, with Critical Manufacturing a close second at 27%, Healthcare at 6%, Water supply systems and Communications each at 6%, and Government Facilities at just over 5%.

“Shodan, Google, and other search engines have enabled threat actors to easily discover and identify a variety of Internet-facing ICS devices. Adding to the threat landscape is the continued scanning and cataloguing of devices known to be susceptible to emerging vulnerabilities such as the ‘Heartbleed’ OpenSSL vulnerability. The search terms needed to identify ICS are widely available because of an increasing public body of knowledge with detailed ICS-specific terminology,” said Marty Edwards, director of ICS-CERT.
“The availability of this knowledge, coupled with the aforementioned tools, lowers the level of knowledge required to locate Internet-facing control systems. In many cases these devices have not been configured with adequate authentication mechanisms, thereby increasing the chances of opportunistic and targeted attempts to directly access these components. As these tools and the capabilities of adversaries advance, we expect that exposed systems will more effectively be discovered and targeted by adversaries.”
Key highlights of the report include:
  • Havex and BlackEnergy Activities: The ICS-CERT Team conducted an action campaign to provide classified briefings with contextual and detailed information about Havex and BlackEnergy malware for private sector CI asset owners. These briefings covered 15 cities, from November 25 through December 11. ICS-CERT also hosted a webinar and released multiple alerts and advisories with detailed actionable information related to the malware characteristics as well as methods for detecting compromise and improving cyber defenses. ICS-CERT reached nearly 1,400 participants across all 16 CI sectors with these briefings.
  • Heartbleed OpenSSL Activities: The Vulnerability Coordination Team released detailed and timely advisories, conducted briefings, and hosted two webinars featuring the original researchers who discovered the Heartbleed OpenSSL vulnerability. The team acted quickly to identify affected ICS products and developed multiple alerts in coordination with the vendor community to prevent any major incidents.
  • Onsite Assessments: The ICS-CERT Assessments Team deployed to 21 different states, conducting 104 onsite cybersecurity assessments to assist CI asset owners in strengthening the overall cybersecurity posture of their ICSs.
  • “Safeguard” Assessments: ICS-CERT and the Federal Energy Regulatory Commission’s (FERC) Office of Energy Infrastructure Security (OEIS) introduced a new technical service offering entitled “Safeguard.” This engagement provided select asset owners with proactive and customized cyber assessment services based on their specific interest and area of focus.
  • Online Training: The ICS-CERT Training Team launched new online training modules with a blended learning approach, which makes accessing course material easier and more efficient, reduces redundancy in training materials, and eliminates the need to travel to participate in ICS-CERT training.
  • CSET Tool: The CSET Development Team released two new versions of CSET in 2014, CSET 6.0 in February and CSET 6.1 in August. The latest version includes the National Institute of Standards and Technology (NIST) Framework, which allows asset owners to create their own question sets and provides industry organizations the ability to collaborate in creating and sharing question sets.
ICS-CERT also received 159 reports of vulnerabilities identified in control systems components and coordinated with researchers and vendors on mitigations both domestically and abroad; the majority affected systems used in the Energy Sector, followed by Critical Manufacturing and Water and Wastewater.
Authentication issues, buffer overflows, and denial-of-service vulnerabilities were the most common vulnerability types, with the ‘Heartbleed’ OpenSSL vulnerability garnering the most attention through multi-vendor coordinated responses.

http://blog.norsecorp.com/2015/04/17/ics-cert-year-in-review-report-released/
https://ics-cert.us-cert.gov/sites/default/files/documents/ICS-CERT%20YIR%202014.pdf