Industrial Control Equipment May be Vulnerable to New Style of Attacks: Report

By

Security experts have been able to replicate quickly and inexpensively last year's high-profile attacks on computerized industrial control equipment in power plants in Iran – breaches that were known at the time as being so sophisticated they could only have been pulled off by a nation-state or a well-financed group of investors, according to the Associated Press.

The news could predict a new round of attacks on facilities that utilize electronic controller systems like the ones that were targeted by the Stuxnet worm in Iran.

In September of 2010, computer security company Symantec said that the Iran attacks "would not be easy for a normal group to put together," and would have to be initiated by individuals with intimate knowledge of industrial control systems.

But a year later, security researchers like Dillon Beresfordr have identified as many as a dozen vulnerabilities in the same kind of industry controllers as those used in Iran. What is worse, Beresfordr did it on his own in just two months, while investing only $20,000 in the project, says the AP.

"What all this is saying is you don't have to be a nation-state to do this stuff. That's very scary," Joe Weiss, an industrial control system expert, told the news source. "There's a perception barrier, and I think [Beresfordr] crashed that barrier."

The difficulty with mitigating attacks like those against Iran is that industrial controllers are very expensive and have large shelf-lives. This makes replacing the systems a major project for every company, government or facility that utilizes them.

Unfortunately, the AP references several examples of consulting firms that found multiple vulnerabilities in power plants, correctional facilities and other U.S.-based institutions that rely on industrial controllers.

Compounding the report is the fact that researchers have identified a new malicious program based on the infamous Stuxnet worm. Symantec – which discovered the malware, dubbed Duqu – said that it shares a lot of Stuxnet's code and compares equally in terms of sophistication.

“Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party,” the Symantec researchers said. “The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

So far, Duqu has only affected a few organizations in Europe, says Symantec.


Beecher Tuttle is a TechZone360 contributor. He has extensive experience writing and editing for print publications and online news websites. He has specialized in a variety of industries, including health care technology, politics and education. To read more of his articles, please visit his columnist page.

Edited by Rich Steeves

Get stories like this delivered straight to your inbox. [Free eNews Subscription]

TechZone360 Contributor

SHARE THIS ARTICLE
Related Articles

Enhancing Cybersecurity Measures for Modern Businesses

By: Contributing Writer    7/2/2025

Cyberattacks are rising, and businesses of all sizes feel the pressure. Small companies often think they're too small to be targets. They aren't. Hack…

Read More

Lessons Learned from Enterprise Oracle Cloud Migrations

By: Contributing Writer    7/1/2025

Switching to Oracle Cloud can feel daunting. Security risks, unexpected expenses, and performance troubles often turn what seems like an effortless up…

Read More

Protecting Business Assets with Smarter Security Frameworks

By: Contributing Writer    7/1/2025

Protecting your business is more challenging than ever. Cyber threats are increasing every day. Hackers target small and large businesses alike, searc…

Read More

Emerging Trends in Technology and Their Impact on Future Innovations

By: Contributing Writer    7/1/2025

Technology is changing faster than ever. Business owners often struggle to keep up. What's trending today might be outdated tomorrow. Falling behind c…

Read More

Tech Podcast Award Winners Bring Excitement and Enthusiasm to a Range of Important Tech Topics

By: TMCnet Staff    6/18/2025

Tech Podcast Award winners produce engaging, informative, and often entertaining content, bringing valuable insight from industry front lines to the e…

Read More