Attackers will increasingly leverage the lack of cybersecurity preparedness of utilities and other critical infrastructure in 2012, predicts McAfee Labs.
Many of the environments where supervisory control and data acquisition (SCADA) systems are deployed do not have stringent security practices, noted McAfee’s 2012 Threat Predictions report.
“There are a lot of different people looking at infrastructure, SCADA, utilities, energy. It’s an area that we think is going to be a big deal in 2012….What you are looking at is unpreparedness”, said Dave Marcus, director of research and communications at McAfee Labs.
Marcus told Infosecurity that the “most fascinating thing” about the Duqu attack against industrial systems was that it used rogue certificates. “That is a big deal, because it undermines the trust in secure socket layers and secure website communication; if you are going to generate rogue keys and fake certificates, that undermines the underlying trust in the operating system”, he said.
Duqu also demonstrated advancements in rootkits, Marcus noted. “We are seeing a lot more targeting of lower layers of the operating system. We think we will see more hardware and BIOS [basis input/output system] targeting, and even targeting of the master boot record….Duqu had a lot of that stealth rootkit activity.”
In its report on Duqu, Symantec judged that it is “essentially the precursor to a future Stuxnet-like attack” against industrial control systems. These systems are used to control everything from nuclear power plants and the electricity grid to oil pipelines and large communication systems. More
