SCADA attacks on the rise: Trend Micro
Attackers change tactics, favour Trojans over worms
Attacks on SCADA (supervisory control and data acquisition) systems have been on the rise since October 2014 and are now using Trojans, rather than worms, to compromise critical infrastructure, The Register reported, citing Trend Micro research.
SCADA software systems control real-world hardware, such as that found in power stations or mining operations. According to Trend Micro researcher Kyle Wilhoit, attackers have begun dropping banking Trojans disguised as driver updates, whereas previous attacks, such as Stuxnet, had used worm malware.
Wilhoit said a growing number of bugs have been discovered in SCADA software in recent years. While flaws such as Heartbleed and Poodle are deployed with vendor software libraries, he highlighted problems with command-and-control systems using hard-coded passwords.
Worm attacks such as Stuxnet concentrate on compromising software to ultimately take control of critical hardware, but Trojans suggest a change in priority for cyber miscreants.
"The ultimate end goal here is probably not industrialised espionage, but to get banking credentials," said Wilhoit.
He also pointed out that many such systems included Windows-based workstations and that taking complete control of critical infrastructure was not necessary to unleash havoc. All attackers would need to do is launch a Cryptolocker-style incursion and they could stop operations and demand ransom for their reinstatement.
"HMI [Human-machine interface] systems are very finicky, so it doesn't take much to make these things fall over. Financial information could be stolen, but what if an [HMI] box drops inadvertently?" he said.