Thursday 13 August 2015

How Safe Are Gas Pumps From Hackers?

LAS VEGAS—A pair of researchers from Trend Micro set up honeypots to look at what kind of attacks are targeting gasoline pumps and related technology.

Turns out there were quite a few attacks—at least 23—between February and July, where adversaries modified information associated with gas pumps, Trend Micro’s Kyle Wilhoit and Stephen Hilt said at the Black Hat security conference here. The duo observed 12 pump identifications, four pump modifications, and two distributed denial of service or denial of service attacks.

The network is a noisy place. There are pings, port scans, and all kinds of probing attacks. Wilhoit and Hilt counted as an attack any command that resulted in some kind of failure, as well as malware and denial of service attacks. In their research, they found that a DoS or DDoS attack could disrupt inventory control and distribution, which means gas stations may not have enough supply on hand. Changing pump names could result in the wrong fuel being added to a tank—such as putting Unleaded inside Premium, or vice versa. Drivers wouldn’t like that. Or changing the pump volume could result in tanks being underfilled.

Wilhoit and Hilt created Gaspot, a honeypot that mimics automated tank gauges. ATGs monitor the volume, temperature, and water content of underground tanks at gas stations and tell gas station owners and fuel distributors when the level of fuel in the tanks gets low. As part of the research project, the researchers deployed 10 systems across the U.S., Brazil, U.K., Jordan, Germany, United Arab Emirates, and Russia. The Gaspot pretended to be the Guardian AST Monitoring System, a specific brand of ATGs widely deployed in gas stations.

The researchers released the honeypot code on GitHub as well as the research paper.

Many of these systems—earlier this year, Rapid7 identified about 5,800 of them worldwide—are connected to the Internet without a password. And since documentation for the ATGs is readily available, anyone can find these ATGs and send valid commands to change tank names, alter fuel types, disrupt fuel deliveries, and change the tank’s volume.

There has been a lot of interest among security researchers about vulnerabilities in industrial control systems recently, especially as worries grow about a potential attack against critical infrastructure. No one wants to see the power grid fail or a water utility compromised. Wilhoit and Hilt were not worried about attackers launching attacks from the Internet to blow up gas stations, but noted these attacks could be used as part of reconnaissance tasks for other operations.

The U.S.-based honeypots sustained the most attacks, with Jordan being a close second, researchers found. Attribution is difficult—a point Wilhoit made several times during his talk—but the data suggests the Syrian Electronic Army or Iranian Dark Coder could be behind these attacks.

What’s interesting about the Trend Micro research is that the project focuses on non-critical infrastructure, but there are lots of parallels that can be drawn between the two.

Like industrial control systems in use in critical infrastructure, the ATGs aren’t protected. Some products let operators assign a four-digit numeric PIN (from 0-9) on the devices, but the feature is not enabled by default or widely available. Better protections, such as stronger authentication requirements and the ability to restrict access, would help deter these attacks, the researchers said.

View the original content and more from this author here: http://ift.tt/1Pg1A9h


