Authentication-Based Attacks Target Energy & Critical Manufacturing Industries

In its most recent Monitor newsletter (PDF), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) finds that the energy sector reported the highest number of security incidents in 2014 at 32 percent, while the critical manufacturing industry came in second at 27 percent.

The report noted that the critical manufacturing industry included reports from some control systems equipment manufacturers. The Dept. of Homeland Security defines the critical manufacturing industry to include those that produce, process and manufacture primary metals; machinery; electrical equipment, appliances and components; and transportation equipment.

A breach of a company that creates engines, turbines, aviation and aerospace products, for example, could potentially disrupt fundamental operations at a national level.

According to the ICS-CERT, the types of reported attacks included malware infections in isolated/segregated control system networks, SQL injections that exploited web app vulnerabilities, zero-day vulnerability exploits of control system devices and software, as well as network scanning and probing.

Other attacks revealed a trend in authentication-based breach attempts, including unauthorized access to Internet-facing ICS/Supervisory Control and Data Acquisition (SCADA) devices. SCADA systems use coded signals over communication channels to control remote equipment and are employed by wind farms, airports, oil and gas pipelines, and other industrial organizations.

Yet another access attack involved targeted spear-phishing campaigns and strategic website compromises, like watering hole attacks. In a watering hole attack, attackers infect the websites that their targets are likely to visit. In one such incident last September, a Trojan targeted the viewers of a tech startup in the oil and gas industry shortly after it announced new funding, aiming to steal sensitive data.

The most common vulnerability types found among multiple vendors included authentication, buffer overflow and denial-of-service in 2014, according to the ICS-CERT. A few of those authentication advisories are linked and listed in their newsletter, including:

These types of vulnerabilities are more related to how the applications and clients are developed, but all energy and manufacturing companies can protect themselves by deploying certain authentication security solutions, such as two-factor authentication. Two-factor authentication can help mitigate authentication vulnerabilities and protect manufacturers from many of the access attacks listed above, including phishing.

Learn more in our Two-Factor Authentication Evaluation Guide.