Dell’s 2015 Security Threat Report found that cyber attacks against industrial/manufacturing targets doubled in the past year. Attacks on supervisory control and data acquisition (SCADA) systems often go underreported, so the number can be much larger than the amount found in this report, as companies are only required to report security breaches that affect personal or payment information.
“Specifically, Dell saw worldwide SCADA attacks increase from 91,676 in January 2012 to 163,228 in January 2013, and 675,186 in January 2014.
“The majority of these attacks targeted Finland, the United Kingdom and the United States, likely because SCADA systems are more common in these regions. The report indicated that, unlike point-of-sale (POS) attacks, which tend to be financial in nature, SCADA attacks are political.”
Methods of Attack
Hackers made their way into SCADA systems using the following methods of attack:
- Buffer overflow vulnerabilities (25%)
- Improper input validation (9%)
- Information exposure (9%)
- Resource management errors (8.26%)
- Permissions, privileges and access controls (7.44%)
“Patrick Sweeney, executive director of Dell Security, said, ‘This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will to continue to grow in the coming months and years.'”
The Impact and What You Can Do About It
Cyber attacks against industrial targets can have a devastating effect on the economy and national security. Remember the Stuxnet computer worm that destroyed Iran’s nuclear centrifuges?
Dell’s report made recommendations on how to prevent SCADA attacks, including:
- Restricting USB ports
- Disabling Bluetooth
- Keeping all software and systems up to date
- Only allowing network connections from approved IPs
- Reporting and sharing information about SCADA attacks
Reporting SCADA attacks can help increase threat awareness for the industrial community as a whole as some companies don’t realize just how at-risk they are until their system has already been breached.
“‘Everyone knows the threats are real and the consequences are dire, so we can no longer blame lack of awareness for the attacks that succeed,’ Sweeney said. ‘Hacks and attacks continue to occur, not because companies aren’t taking security measures, but because they aren’t taking the right ones.'”
One way to immediately rectify the situation if your systems are attacked would be to restore a trusted snapshot in the time it takes to reboot. InstantRecovery system and data recovery software for PCs and servers can do just that.
Unlike Windows System Restore, InstantRecovery allows you to instantly recover a pristine snapshot from before the point of attack, while recovering all selected data in its most recent state at the time of attack. This way, you can immediately get your systems back up and running to avoid costly downtime.