Is critical infrastructure any more secure than it was a year ago, or five years ago? Well according to three different reports from experts, it doesn’t seem like it. Instead, it seems like critical infrastructure is a ripe target that is pretty sweet for attackers. We’ll look at three different cybersecurity reports about hacking critical infrastructure, ranging from small dish satellite systems (VSATs) to taking full control of industrial control systems. Over 10,500 small dish satellite systems vulnerable to cyber attacks.

10000_vsat_small_dish_satellite_systems_waiting_to_be_hacked-100387821-orig

We’ll start with very small aperture terminals, or VSATs, which are small satellite dish-based computer systems, that provide broadband Internet access to remote locations, or transmit point of sale credit card transactions, SCADA and other narrowband data. There are over 2.9 million active VSAT terminals in the world, with two-thirds of those devices the U.S., being used in the defense sector to transmit government and classified communications, used by financial industries like banks to transmit sensitive data, and used by the industrial sector such as energy to transmit from power grid substations, or oil and gas to transmit from oil rigs. Over 10,000 of those devices are “open” for targeted cyber attacks.

In fact, after running a scan, Cyber intelligence firm IntelCrawler found that many of the “VSAT devices have telnet access with very poor password strength, many times using default factory settings. The fact that one can scan these devices globally and find holes is similar to credit card thieves in the early 2000’s just googleing the terms ‘order.txt’ and finding merchant orders with live credit cards.”

IntelCrawler discovered VSAT devices connected “to many interesting devices all over the world, starting from Alaska climate metering systems to industrial control devices in Australia.” Regarding interesting government and classified communications in “clear and present danger for hacks,” they mentioned the Ministry of Civil Affairs of China infrastructure and the Ministry of Foreign Affairs of Turkey.

“We found thousands and thousands of these systems with what are essentially their digital front doors left wide open,” IntelCrawler’s president Dan Clements told CS Monitor. “Someone needs to be aware that there are vulnerabilities here that could affect critical infrastructure, including utilities and financial systems.”

vsat_satellites_are_easily_visible_in_google_maps_and_google_earth-100387822-orig
VSAT satellites are easily visible in Google maps and Google Earth

Some of the small VSAT satellites are easily visible in Google maps and Google Earth. “There’s a lot of information that could be used in a nefarious way,” Clements said. “Certainly you could put together a plan to go after certain grids or dams or power plants and have access to the centralized network at some point.”

Targeted cyber attacks on the energy sector

Attackers target the energy sector “to steal intellectual property on new technology, like wind or solar power generators or gas field exploration charts.” But “the sector is also a major target for sabotage attacks, which will not generate direct profit for the attacker. Such disruptive attacks do already happen and may lead to large financial losses. State sponsored agents, competitors, internal attackers or hacktivists are the most likely authors of such sabotage attacks.”

Modern energy systems are increasingly complex. “There are supervisory control and data acquisition (SCADA) or industrial control systems (ICS) that sit outside of traditional security walls,” Symantec explained. “And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices.” Additionally, “the increasing number of connected systems and centralized control for ICS systems means that the risk of attacks in the future will increase.”

Speaking of critical SCADA systems online and the risks to them…after finding more than 60,000 exposed control systems online, two Russian security researchers found vulnerabilities that could be exploited to take “full control of systems running energy, chemical and transportation systems.”

At the Chaos Communication Congress, 30C3, Positive Research chief technology officer Sergey Gordeychik and consultant Gleb Gritsai said they demonstrated “how to get full control of industrial infrastructure” to the energy, oil and gas, chemical and transportation sectors. “The vulnerabilities,” according to the Australian IT News, “existed in the way passwords were encrypted and stored in the software’s Project database and allowed attackers to gain full access to Programmable Logic Controllers (PLCs) using attacks described as dangerous and easy to launch.”

They probed and found holes in “popular and high-end ICS and supervisory control and data acquisition (SCADA) systems used to control everything from home solar panel installations to critical national infrastructure.” There are also numerous vulnerabilities in “home systems — exposed to the public internet and at risk of attack.”

In one case, the researchers responsibly disclosed a “vulnerability in the cloud SCADA platform Daq Connect which allowed attackers running a demonstration kiosk to access other customer installations.” The vendor’s totally unhelpful response was to tell the researchers “to simply ‘not do’ the attacks.”

The SCADA Strangelove project has identified more than 150 zero-day vulnerabilities in SCADA, ICS and PLCs, with five percent of those being “dangerous remote code execution holes.” At 30C3, they released an updated version of THC-Hydra, “a password-cracking tool that targeted the vulnerability in Siemens PLC S-300 devices,” and a “Pretty Shiny Sparkly ICS/SCADA/PLC Cheat Sheet,” identifying almost 600 ICS, PLC and SCADA systems, so you too can “become a real SCADA Hacker.”

About SkyFidelity

SkyFidelitys’ core strength is bringing in satellite internet to customers and distributing the feed for live streaming video, VOIP , email, texting and other internet based communications where there is no existing fiber or cable internet available in the area. SkyFidelity combines satellite internet “footprints” with industrial strength WiFi Access Points that can withstand the environment to create a “WiFi Internet Cloud”. SkyFidelity also focuses on industries where we offer live streaming camera surveillance as well as WiFi hot spots providing a “communications corridor” in remote locations.

Contact SkyFidelity

Timothy P. Peabody
Chief Executive Officer
Phone: 949-420-0678
timothy.peabody@skyfidelityinc.com

Robert Buck
Director of Sales
Phone: 949-436-0462
robert.buck@skyfidelityinc.com

Shawn Schaper
Phone: 727-385-0164
shawn.schaper@skyfidelityinc.com