Trend Micro Uncovers Attacks on Internet-Connected Petrol Stations

Petrol station monitoring systems are under attack all over the world, in some cases by hackers possibly allied with nation states, according to new research from Trend Micro.

The cyber security giant explained in the research, presented at Black Hat 2015, that attacks against these unsecured SCADA systems are no longer theoretical.

The firm built and deployed worldwide a honeypot dubbed ‘GasPot’ to log connections and compromise attempts.

What the researchers found were attacks designed to grab data on petrol tanks as well as others that changed the name of tanks – including one instance where a tank was branded with the Anonymous tag line “WE_ARE_LEGION.”

Another’s name was changed to “H4CK3D by IDC-TEAM.” The Iranian Dark Coders Team is a pro-Iran hacktivist group known for website defacements and malware distribution, Trend Micro said.

Tanks in the US (44%), Jordan (17%), Brazil (11%), UAE (11%), the UK (11%), and Russia (6%) were attacked.

The report explained:

“One of the attacks against a US-based GasPot was not against the system itself. It was a distributed denial-of-service (DDoS) attack against a GasPot instance for a period of two days. At its height, the attack was roughly around 2Gbps and appeared to be a Low-Orbit Ion Cannon (LOIC)-tool-based DDoS attack. It was observed on a GasPot deployed in the Washington DC area. Based on evidence, it was believed to have been caused by the Syrian Electronic Army (SEA).”

Although the attacks in question were against Guardian AST petrol tank monitoring systems, Trend Micro claimed the research shows a lack of awareness in general about securing internet-connected devices and SCADA systems – of which automatic tank-gauging (ATG) systems are just one type.

Using the same tools and techniques, attackers could easily cause a dangerous petrol overflow, by setting a tank overflow limit to a value beyond its capacity, or cause other operational issues which could lead to petrol stations running out of fuel or mislabeling different types of fuel.

Everything from hacktivist pranks to extortion and small-scale sabotage is on the cards given the poor security around such systems, Trend Micro warned.

“Threat actors can use the information visible on Internet-facing ATG systems to perform preliminary reconnaissance for highly industry-specific targeted attack campaigns,” the report claimed.
