ICS-CERT issues search engine and exploit tool alert to critical infrastructure operators


Operators of industrial control systems should be aware that hacktivists have at their disposal search engines that identify Internet-connected systems typically overlooked by mainstream web crawlers as well as easy-to-access low cost or free exploit tools, says the Homeland Security Department.

In an alert (.pdf) issued Oct. 25, the DHS Industrial Control Systems Cyber Emergency Response Team says it's been contacted by researchers who used the SHODAN  internet-connected device search engine to identify more than 500,000 control system-related devices. Hackers also have access to the Every Routable IP Project to identify Internet-connected systems and devices as well, the warning notes.

In addition, in February, several independent researchers released exploit tools specially targeting programmable logic controllers, the purpose-built computers that are the building blocks of industrial control systems, ICS-CERT says.

Those tools include modules that can be plugged into code development frameworks such as Metasploit, the warning says, adding that modules have been released to target the programmable logic controllers of major vendors including General Electric, Schneider Electric, Rockwell Automation and Koyo.

Operators should audit their networks to search for Internet-facing devices, ICS-CERT advises; control system devices should not directly face the Internet, the alert states.

For more:
- download the ICS-CERT alert  

Related Articles:
DHS issues warning on widely used industrial control system software 
Cyber attacks on critical infrastructure could have been foiled with common precautions 
Flame and Stuxnet were developed together early on, says Kaspersky Lab