Tampered US Gas Pumps Point to Anonymous Group
In a thorough investigation of gas pumps that use the Guardian aboveground storage tank (AST) monitoring system in the United States, threat researchers Kyle Wilhoit and Stephen Hilt found that one particular unit had been tampered with. Attackers changed the pump name from “DIESEL” to “WE_ARE_LEGION.”
“The group Anonymous often uses the slogan ‘We Are Legion,’ which might shed light on possible attributions of this attack. But given the nebulous nature of Anonymous, we can’t necessarily attribute this directly to the group,” says Wilhoit, a senior threat researcher from Trend Micro.
[Read: Is Anonymous Attacking Internet Exposed Gas Pump Monitoring Systems in the US?]
Thousands of Online SCADA Devices Still at Risk
The affected system was only one of a total of 1,515 gas pumps in the US that the researchers found connected to the Internet but virtually unsecured against possible attacks.
This development comes on the heels of news that more than 5,000 Internet-facing gas station pumps are also vulnerable to remote access attacks that can lead to the shutdown of these stations.
There is a two-headed problem with current industrial control systems (ICS)/SCADA systems, such as gas pump systems, which are used to operate and/or automate industrial processes. The first problem is that they're easily found on the Internet.
“Through the power of the Internet, one can easily perform some Google-dork searches and find embedded systems that are exposed to the web, some of which have been so since 2010 or even earlier,” remarks Wilhoit in a paper on SCADA systems in 2013.
Second, Wilhoit also noted that these systems did not have security mechanisms in place to prevent unauthorized access.
[Read: Who Is Really Attacking Your ICS Devices?]
Moreover, we have already seen other systems and operations put in danger because of insecure ICS. Early this year, we reported on attackers with knowledge of IT security and ICS processes causing massive damage to a German steel plant in 2014. This incident was confirmed by the German government and was dubbed the second cyber attack to ever cause physical damage since the highly sophisticated Stuxnet malware wreaked havoc on the Natanz uranium enrichment plant in Iran.
[Read: German Steel Plant Suffers Significant Damage from Targeted Attack]
Operators of these systems should step up their security, given the amount of damage that a breach or attack can cause, not just to the company but also to those who rely on them. Imagine what would happen if water or power distribution systems were affected.
[Read: Basic Steps to Protect Your ICS/SCADA Environment]
Security is a must. Fill it up, would you?