China Hackers Keenest On Industrial System Attacks – Trend Micro

Chinese hackers are the keenest when it comes to hitting industrial control systems, research from a major security firm has indicated.

Industrial control systems help run nations’ critical infrastructure, and are increasingly coming under attack. The Stuxnet malware infamously targeted supervisory control and data acquisition (SCADA) networks in Iran, hitting a nuclear facility and setting back uranium enrichment processes.

For its study, Trend Micro set up three separate honeypots, which were designed to look like genuine industrial machines connected to the public Internet. One was based on Amazon’s public cloud, another on a private Dell server, whilst the final one included an actual Programmable Logic Controller (PLC), as used in such systems.

Trend tricks hackers

It took just 18 hours for attacks to occur on the fake SCADA set-ups. Over a 28-day period, the honeypots were attacked 39 times from 11 different countries. China accounted for the majority of the attack attempts at 35 percent, followed by the US on 19 percent. The UK accounted for eight percent.

“The findings concerning the deployments proved disturbing,” Trend said in its report, delivered during the Black Hat Europe conference in Amsterdam today.

“In addition to the many attacks seen on the honeypot environment, there was also a surprising number of malware exploitation attempts on the servers.

“Utilising the popular malware honeypot, Dionaea, four samples were collected over the testing time frame, two of which have not been seen in the wild as they had unique MD5 checksums.”

SCADA systems have been shown to be widely vulnerable over the last year. Research conducted by ICS-CERT recently discovered that in 2012 alone, 171 unique vulnerabilities affected 55 different ICS vendors.

It is easy to determine what SCADA systems are connected to the Internet. Tools such as Shodan can also help attackers figure out where vulnerable industrial controls are hooked up, whilst Pastebin contains lots of valuable information, such as relevant IP addresses.

Trend had to contact a number of companies who had such systems attached to the Internet with no security mechanisms preventing unauthorised access.

“Until proper [industrial control system] security is implemented, these types of attack will likely become more prevalent and advanced or destructive in the coming years,” the security firm added.

The Chinese government has repeatedly been implicated as the culprit behind various attacks on US companies, including Facebook, Twitter and the New York Times. It has denied all accusations.

Yet it is only the US, which is thought to have been behind Stuxnet, that has been implicated in serious SCADA attacks with real-world, destructive consequences.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
