Categories: SecurityWorkspace

Study: Attackers Continuously Targeting US Gas Utilities

Unknown attackers have targeted the Internet-connected systems of natural-gas companies, using brute-force attacks to attempt to access the companies’ business and process-control networks, according to a report published last week by the Internet Control System Cyber Emergency Response Team (ICS-CERT).

The incidents, which occurred in January and February, were first reported to the ICS-CERT, a component of the US Department of Homeland Security, in late February, the group stated in its quarterly public report on cyber threats.

Critical infrastructure under attack

Following the initial report and a subsequent warning from the ICS-CERT, more critical infrastructure companies came forward with news of other incidents.

“The companies reporting this activity operate gas compressor stations across the Midwest and Plains states within the US, although some of the attempts reported were solely against business networks,” the report stated. “While none of the brute force attempts were successful, these incidents highlight the need for constant vigilance on the part of industry asset owners and operators.”

The last attack occurred on 23 February, according to the report. While the ICS-CERT claimed that no new attacks have been detected, it’s unlikely that the attacks have stopped altogether, Tommy Stiansen, chief technology officer and co-founder of threat-intelligence firm Norse, said in an e-mail interview.

“Today all public facing IP addresses are attacked on a regular basis, but the questions are really by whom and how targeted and sophisticated are the attacks,” he said. “While there may be an element of failure to report, it may be that some of these installations are compromised but admins remain unaware due the stealthy nature of the compromise.”

Recent research published by security firm Trend Micro found that Internet-connected industrial-control systems are frequently targeted by online attackers.

The company’s researchers set up fake industrial control systems, made them appear valuable and logged 39 attacks over 28 days against the spoofed systems, the company stated in its report.

Varied sources

While the US has called out China for its attacks against sensitive industries, the attacks detected by Trend Micro have come from Internet addresses in 14 different nations. IP addresses in China accounted for about a third of the attacks, while Laos and the United States came in second and third, respectively.

The experiment, which occurred in 2012, underscores that attackers are continuously probing these important systems.

While the ICS-CERT reportedly informed industry members of the specific IP addresses that were involved in the attacks, creating block lists based on such quickly changing attributes does not work very well, Norse’s Stiansen said.

“The use of IP block lists described in the report often give admins a false sense of security,” Stiansen said. “Today cyber criminals can setup and launch attacks using botnets and other compromised hosts, quickly changing the IP address and obfuscating the location of the actual attackers.”

Are you a security pro? Try our quiz!

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

UK Government Partners Anthropic AI To Improve Public Services

Anthropic confirms Memorandum of Understanding (MOU) signed with UK government to explore use of AI…

2 hours ago

ARM Shares Rise Amid Report Meta Will Purchase Its First Chip

British chip designer ARM Holdings is reportedly developing its own chip, and Meta is one…

3 hours ago

TikTok Returns To Apple, Google Stores In US

TikTok returns to app stores of both Apple and Google in the United States, after…

5 hours ago

Meta To Show Marketplace Ads From Rival Ad Providers

After huge fine, Meta launches 'Facebook Marketplace Partner Program' so rival service providers can list…

22 hours ago

Improved Indoor Connectivity Could Add Billions To UK Economy – Survey

New research from Freshwave finds a better mobile signal indoors could grow the UK economy…

1 day ago

Musk Says He Will Withdraw OpenAI Bid If It Remains Non-Profit

Elon Musk says he will abandon $97.4 billion offer to buy the non-profit behind OpenAI…

1 day ago