Researchers have created a device for local attacks on SCADA systems
Image: Green Mamba , CC BY-ND 2.0
At the BSides conference held in London, researchers from the British company INSINIA told that they managed to create a device for conducting local attacks on SCADA systems.
If this gadget is connected to the IT infrastructure of the enterprise, it will be able to collect information about the network device, as well as send commands to industrial equipment controllers to stop the technological processes.
Breaking the plant and four lines of code
The device is a microcontroller on the Arduino. If it is physically installed in the infrastructure, the gadget quickly scans the network in order to find controllers connected to them (PLC). In the future, it can send commands to the controllers, including to stop the equipment. According to the researchers, to “interrupt the industrial process you need only four lines of code.”
At the same time, in the event of such an attack, simply restarting the target system will not solve the problem - after all, the malicious device can turn off the equipment again before its detection.
Is it possible to protect
To establish the fact of such an attack, when an attacker with access to the infrastructure, installs a malicious device, it is usually very difficult. It is almost impossible to detect such an unauthorized connection without automated monitoring tools.
As a result, for the personnel of an industrial facility, the consequences of an attack will look like strange malfunctions, the search for the source of which can take a very long time for which the system will stand idle.
On Thursday, June 12, at 14:00 , within the framework of the free webinar of Positive Technologies, an expert on information security of industrial systems Roman Krasnov will talk about how to use PT ISIM product to ensure the protection of the process control system. The system was reworked, for example, the PT ISIM netView Sensor component appeared in it, which facilitates solving daily tasks of IS specialists of the automated process control system, such as monitoring the network, controlling its composition and configuration of nodes, managing events and incidents.
To participate in the webinar registration is required .