The Gaspot Experiment: How Gas-Tank-Monitoring Systems Could Make Perfect Targets for Attackers
View research paper: The GasPot Experiment
Healthcare devices, industrial systems, web servers, traffic light control systems, home routers, and other programmable, interconnected devices are among some of the things that could be exposed and targeted by attackers—given that they have an Internet facing component. Because very little security is implemented in these devices, they make for perfect targets of opportunity.
As reported earlier this year, an automated tank gauge (ATG) could be accessed remotely by online attackers and possibly trigger alerts and shut down the flow of fuel. In addition, several Guardian AST gas-tank-monitoring systems have suffered electronic attacks, possibly driven by hacktivist groups like Anonymous. In a TrendLabs Security Intelligence Blog post, researcher Kyle Wilhoit outlines that “When investigating and hunting for gas pumps, attackers use a multitude of tools and techniques to find and track these devices. One of these tools which is quite prominent, is the site Shodan, which is a search engine for inter-connected devices. Queries in Shodan will show a multitude of data points including tank name, command issued, volume, height, water, and the temperature of the tank.”
Though we have previously discussed security issues involving Internet of Things (IoT) devices, unsecured industrial or energy systems and devices can result in critical errors and damage—such as massive outages and other real world implications.
The research paper The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems takes a closer look at how and why supervisory control and data acquisition (SCADA) and ICS systems can be attractive and possibly profitable venues for attackers. The paper also discusses the implications that highlight the lack of security awareness surrounding Internet-connected devices, especially when it comes to systems and devices like gas-tank monitoring systems that could result in real world ramifications.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases