Industrial operations leverage SCADA systems to control remote equipment and collect data on that equipment’s performance.
Consequently, Dell reports that attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries.
Dell SonicWALL saw an increase in SCADA attacks against its customer base this year.
· 2014 saw a 2x increase in SCADA attacks compared to 2013.
· The majority of these attacks targeted Finland, the United Kingdom, and the United States; one likely factor is that SCADA systems are more common in these regions and more likely to be connected to the Internet.
· Buffer overflow vulnerabilities continue to be the primary point of attack.
“Since companies are only required to report data breaches that involve personal or payment information, SCADA attacks often go unreported,” Sweeney adds.
“This lack of information sharing combined with an ageing industrial machinery infrastructure presents huge security challenges that will to continue to grow in the coming months and years.”
2015 and beyond
Dell’s Threat Report also identified the following trends and predictions:
· More organisations will enforce security policies that include two-factor authentication. Along with this development we will see an increase in attacks against these technologies.
· Android will remain a hot target for malware writers. Dell expects new, more sophisticated techniques to thwart Android malware researchers and users by making the malware hard to identify and research.
So much so that the emergence of more malware for Android devices targeting specific apps, banks, and user demographics, along with more malware tailored for specific technologies, such as watches and televisions, is expected.
· As wearable technology becomes more widespread in the next year, expect to see the first wave of malware targeting these devices.
· Digital currencies including Bitcoin will continue to be targeted; Botnets will be involved in the digital currency mining attacks.
· Home routers and home network utilities, such as surveillance systems, will be targeted and perhaps used to assist large DDoS attacks.
· Electric vehicles and their operating systems will be targeted.