Public ICS Intrusion Tools “Lower the Bar” for Hackers

Attack tools designed to target industrial control systems (ICS) are becoming more widespread, raising risk levels for CISOs in affected sectors, according to FireEye.

The security vendor warned that while attacks on OT systems usually require a “high level of skill and expertise” on the part of the hackers, various publicly available tools and exploit modules, often released by white hat researchers, are “making it easier to bridge the knowledge gap.”

The majority analyzed by FireEye were network discovery (28%) and software exploitation (24%) tools, with most designed to be vendor agnostic, or developed to target products from the largest ICS OEMs like Siemens, which accounted for 60% of vendor-specific ICS tools.

Software exploit modules are particularly attractive to budding ICS attackers who may have lower skill levels, the firm claimed.

Developed to automate exploits for specific vulnerabilities, they’re added to legitimate exploit frameworks like Metasploit and Core Impact, or ICS-specific ones like Autosploit, Industrial Exploitation Framework (ICSSPLOIT), and the Industrial Security Exploitation Framework.

The freely available Metasploit framework, used by pen testers, was highlighted by FireEye as particularly useful for cyber-criminals.

Organizations should ensure they understand the scale of the threat to ICS platforms presented by abuse of such frameworks by hackers, FireEye concluded. That's because equipment vulnerable to exploits which use these known tools is “low-hanging fruit” for a range of attackers.

“Awareness about the proliferation of ICS cyber-operation tools should serve as an important risk indicator of the evolving threat landscape. These tools provide defenders with an opportunity to perform risk assessments in test environments and to leverage aggregated data to communicate and obtain support from company executives,” it said.

“Organizations that do not pay attention to available ICS cyber operation tools risk becoming low-hanging fruit for both sophisticated and unexperienced threat actors exploring new capabilities.”

What’s Hot on Infosecurity Magazine?