China Hackers Keenest On Industrial System Attacks – Trend Micro

China is the source of most attacks on Trend’s fake industrial systems

Chinese hackers are the keenest when it comes to hitting industrial control systems, research from a major security firm has indicated.

Industrial control systems help run nations’ critical infrastructure, and are increasingly coming under attack. The Stuxnet malware infamously targeted supervisory control and data acquisition (SCADA) networks in Iran, hitting a nuclear facility and setting back uranium enrichment processes.

For its study, Trend Micro set up three separate honeypots, which were designed to look like genuine industrial machines, connected to the public Internet. One was based on Amazon’s public cloud, another on a private Dell server, whilst the final one included an actual Programmable Logic Controller (PLC), as used in such systems.

Trend tricks hackers

It took just 18 hours for attacks to occur on the fake SCADA set-ups. Over a 28-day period, the honeypots were attacked 39 times from 11 different countries. China accounted for the majority of the attack attempts at 35 percent, followed by the US on 19 percent. The UK accounted for eight percent.

“The findings concerning the deployments proved disturbing,” Trend said in its report, delivered during the Blackhat Europe conference in Amsterdam today.

“In addition to the many attacks seen on the honeypot environment, there was also a surprising number of malware exploitation attempts on the servers.

“Utilising the popular malware honeypot, Dionaea, four samples were collected over the testing time frame, two of which have not been seen in the wild as they had unique MD5 checksums.”

SCADA systems have been shown to be widely vulnerable over the last year. Research conducted by ICS-CERT recently discovered that in 2012 alone, 171 unique vulnerabilities affected 55 different ICS vendors.

It is easy to determine which SCADA systems are connected to the Internet. Tools such as Shodan can also help attackers figure out where vulnerable industrial controls are hooked up, whilst Pastebin contains lots of valuable information, such as relevant IP addresses.

Trend had to contact a number of companies who had such systems attached to the Internet with no security mechanisms preventing unauthorised access.

“Until proper [industrial control system] security is implemented, these types of attack will likely become more prevalent and advanced or destructive in the coming years,” the security firm added.

The Chinese government has repeatedly been implicated as the culprit behind various attacks on US companies, including Facebook, Twitter and the New York Times. It has denied all accusations.

Yet it is only the US, which is thought to have been behind Stuxnet, that has been implicated in serious SCADA attacks with real-world, destructive consequences.
