Swiss Armed Forces

Supervisory control and data acquisition systems increasingly in the focus of cybercriminals

29.10.2009
Supervisory control and data acquisition systems for industrial facilities and utilities are increasingly being targeted by cybercriminals. Also apparent is a shift away from attacks by way of e-mail with attachments or links toward attacks by way of "drive-by" infections of websites. These are two of the main topics of the ninth semi-annual report of the Reporting and Analysis Centre for Information Assurance (MELANI). The report assesses the situation in the first half of 2009 and is now available at www.melani.admin.ch.

In addition to current threats such as the Trojan Gozi, the misuse of Swiss e-mail accounts, and the targeted distribution of e-mails containing malware to company executives, the report is dedicated to the increasing threat to SCADA systems and the increase in drive-by infections.

SCADA systems under threat

Supervisory control and data acquisition (SCADA) systems are used to supervise, monitor, and control industrial facilities and infrastructures for distributing vital goods such as electricity, water, and fuel, and are also used for transport and traffic. Their use would be unthinkable without information and communication technology (ICT). Today's SCADA systems increasingly use Internet technologies to communicate with the central computer. This means that SCADA systems are exposed to the same threats that we already know from the Internet, such as malware and hackers. The security of these systems, which are crucial to the smooth functioning of our society, must be enhanced. The goal is not only to make hacker attacks (sabotage) more difficult, but also to minimise potential technical failures that can lead to the breakdown of important systems.

Increase in drive-by infections

A clear shift of attack vectors can be observed in the dissemination of malware. The classic path of spreading malware via e-mails with attachments or links does not work as well anymore, since users now react more sensitively and do not click on every link contained in an e-mail or open every strange-looking attachment. For this reason, attackers increasingly hack websites and plant malicious code so that the computer of a visitor is infected with malware simply by surfing onto the website (drive-by). Hackers often attack reputable and popular websites. Search engines play a role that should not be underestimated. Attempts are made to compromise websites that have a high ranking for popular search terms and are poorly protected or exhibit vulnerabilities.
Address for enquiries:
Max Klaus, Deputy Director of the Reporting and Analysis Centre for Information Assurance (MELANI), Federal Strategy Unit for IT (FSUIT), Tel. +41 (0)31 323 45 07
Publisher:
For questions about this page: Communication of Defense
Last updated: 07.06.2010
