Authentication-Based Attacks Target Energy & Critical Manufacturing Industries
In its most recent Monitor newsletter (PDF), the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reports that the energy sector accounted for the highest share of reported security incidents in 2014, at 32 percent, with the critical manufacturing industry second at 27 percent.
The report noted that the critical manufacturing industry included reports from some control systems equipment manufacturers. The Dept. of Homeland Security defines the critical manufacturing industry to include those that produce, process and manufacture primary metals; machinery; electrical equipment, appliances and components; and transportation equipment.
A breach of a company that creates engines, turbines, aviation and aerospace products, for example, could potentially disrupt fundamental operations at a national level.
According to the ICS-CERT, the types of reported attacks included malware infections in isolated/segregated control system networks, SQL injections that exploited web app vulnerabilities, zero-day vulnerability exploits of control system devices and software, as well as network scanning and probing.
Other attacks revealed a trend in authentication-based breach attempts, including unauthorized access to Internet-facing ICS/Supervisory Control and Data Acquisition (SCADA) devices. SCADA systems use coded signals over communication channels to control remote equipment and are employed by wind farms, airports, oil and gas pipelines, and other industrial organizations.
Yet another category of access attack involved targeted spear-phishing campaigns and strategic website compromises, such as watering hole attacks. In a watering hole attack, attackers infect the websites that their targets are likely to visit, as in the incident last September in which a Trojan targeted visitors to the website of a tech startup in the oil and gas industry shortly after it announced new funding, aiming to steal sensitive data.
The most common vulnerability types found among multiple vendors included authentication, buffer overflow and denial-of-service in 2014, according to the ICS-CERT. A few of those authentication advisories are linked and listed in their newsletter, including:
- Siemens SIMATIC WinCC Sm@rtClient iOS Application Authentication Vulnerabilities - One vulnerability allows attackers to extract passwords and gain access to the application if local access is available
- Clorius Controls A/S ISC SCADA Insecure Java Client Web Authentication - The method the affected Java web client uses to encrypt credentials allows an attacker who sniffs network traffic to easily decode them, giving the attacker complete access to the server
- Accuenergy Acuvim II Authentication Vulnerabilities - One vulnerability allows an attacker to access settings without authenticating by requesting a certain uniform resource locator (URL) on the web server
These types of vulnerabilities stem mostly from how the applications and clients are developed, but all energy and manufacturing companies can protect themselves by deploying authentication security controls such as two-factor authentication. Two-factor authentication can help mitigate authentication vulnerabilities and protect manufacturers from many of the access attacks listed above, including phishing.
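Two of the weaknesses above come down to the same server-side rule: a settings endpoint must be refused unless the request carries a session that was established with every required factor, rather than relying on the URL being unknown. The following is an added Python example written for this post; it is not code from ICS-CERT or from any of the vendors named in the advisories. It models a device web server whose `/settings` paths are denied to unauthenticated requests, and whose login requires a password plus a TOTP (RFC 6238) second factor. The user names, passwords, salts and session tokens are constructed for illustration; the TOTP shared secret is the RFC 6238 test-vector key so the codes can be checked against published values.

```python
"""Added example: authenticated /settings access with a TOTP second factor.
Not from the ICS-CERT report or the named vendors; names and secrets are constructed."""
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 test-vector key (ASCII "12345678901234567890"), used so the
# one-time codes below can be checked against the published vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken from Unix time / step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step or +/- `window` steps (clock drift).
    Every candidate is compared in constant time and the loop never short-circuits."""
    ok = False
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, at_time + drift * step, step), code):
            ok = True
    return ok


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; the iteration count is kept modest for a quick demo."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class SettingsService:
    """Minimal model of a device web server. Every request goes through handle(),
    which checks the session before any /settings path is served."""

    def __init__(self):
        self.users = {}
        self.settings = {}
        self.sessions = {}  # session token -> user name

    def add_user(self, name: str, password: str, totp_secret: bytes) -> None:
        salt = b"constructed-salt-" + name.encode()  # constructed; use os.urandom in practice
        self.users[name] = {"salt": salt, "pw": hash_password(password, salt), "totp": totp_secret}
        self.settings[name] = {"alarm_threshold": 80}

    def login(self, name: str, password: str, code: str, now: int):
        """Return a session token only when BOTH factors verify; otherwise None.
        The same failure result is returned at every step so nothing leaks
        about which factor was wrong."""
        user = self.users.get(name)
        if user is None:
            return None
        if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw"]):
            return None
        if not verify_totp(user["totp"], code, now):
            return None
        token = hashlib.sha256(f"{name}:{now}".encode()).hexdigest()  # constructed; use secrets.token_hex
        self.sessions[token] = name
        return token

    def handle(self, path: str, token: str = None):
        """Authorization is enforced by path prefix, not by URL obscurity: any
        /settings path is refused unless the token maps to a logged-in user."""
        if path.startswith("/settings"):
            name = self.sessions.get(token)
            if name is None:
                return 401, "authentication required"
            return 200, self.settings[name]
        if path == "/status":
            return 200, {"up": True}
        return 404, "not found"


if __name__ == "__main__":
    svc = SettingsService()
    svc.add_user("operator", "correct horse battery", RFC_TEST_SECRET)
    print(svc.handle("/settings/alarms"))                       # (401, 'authentication required')
    tok = svc.login("operator", "correct horse battery", totp(RFC_TEST_SECRET, 59), 59)
    print(svc.handle("/settings/alarms", tok))                  # (200, {'alarm_threshold': 80})
```

The point of `handle()` is that the check sits in the single dispatch path every request passes through, so no settings URL can be reached by simply knowing its address; the point of `login()` is that a phished or sniffed password alone does not yield a session, since the one-time code is bound to a secret the attacker does not hold and to a 30-second time window.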
Learn more in our Two-Factor Authentication Evaluation Guide.