Many of the environments where supervisory control and data acquisition (SCADA) systems are deployed do not have stringent security practices, noted McAfee’s 2012 Threat Predictions report.
“There are a lot of different people looking at infrastructure, SCADA, utilities, energy. It’s an area that we think is going to be a big deal in 2012….What you are looking at is unpreparedness”, said Dave Marcus, director of research and communications at McAfee Labs.
Marcus told Infosecurity that the “most fascinating thing" about the Duqu attack against industrial systems was that it used rogue certificates. “That is a big deal, because it undermines the trust in secure socket layers and secure website communication; if you are going to generate rogue keys and fake certificates, that undermines the underlying trust in the operating system”, he said.
Duqu also demonstrated advancements in rootkits, Marcus noted. “We are seeing a lot more targeting of lower layers of the operating system. We think we will see more hardware and BIOS [basis input/output system] targeting, and even targeting of the master boot record….Duqu had a lot of that stealth rootkit activity.”
In its report on Duqu, Symantec judged that it is “essentially the precursor to a future Stuxnet-like attack” against industrial control systems. These systems are used to control everything from nuclear power plants and the electricity grid to oil pipelines and large communication systems.
Another area of concern expressed by McAfee Labs is virtual currency, which has become a popular way for people to exchange money online. These online wallets are not encrypted and the transactions are public, making them an attractive target for cybercriminals.
McAfee Labs expects to see this threat evolve into spam, data theft, tools, support networks, and other associated services dedicated to exploiting virtual currencies in order to steal money from victims or to spread malware.
“This is almost custom-made for malware attacks and harvesting….Virtual currency is decentralized and it starting to gain in popularity”, Marcus said.
In addition, McAfee Labs expects to see proof-of-concept codes exploiting embedded systems in cars, medical devices, GPS devices, printers, and other devices become more effective in 2012 and beyond. This will require malware that attacks the hardware layer, enabling attackers to gain greater control and maintain long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.
“There has been a lot of research and proof-of-concept code being developed to attack the hardware and get code to replicate within those embedded systems. So we are seeing a drive from attackers … to do malicious thing through embedded hardware”, Marcus said.