DDoS Attacks Targeting Critical Infrastructure, Europol Warns

DDoS attacks are being used to target critical infrastructure, warned European law enforcement agency Europol in its 2018 Internet Organised Crime Threat Assessment report.

Last year, a DDoS attack crippled train networks in Sweden by targeting internet service providers. Another attack shut down communications on the Finnish Aland Island after a telecom provider was targeted.

Europol noted that DDoS attacks are becoming more accessible and involve low cost and low risk for attackers.

DDoS attackers are increasingly using botnets of infected IoT devices to carry out their attacks. The Mirai botnet in 2016 is just one example.

This week, the Department of Justice said the creators of the Mirai botnet cooperated with the FBI and were given five years’ probation.

Close to two-thirds of EU law enforcement reported cases of DDoS attacks last year. And one-third of those emphasized the growing number of cases.

More than one-third of organizations faced a DDoS attack last year, compared to 17 percent in 2016, according to ENISA. Other reports cited by Europol indicated that DDoS attacks accounted for around 70 percent of incidents that compromised network integrity.

DDoS-for-Hire Services on the Rise

One of the reasons for the increase in DDoS attacks is the use of booters or stressers. These are DDoS-for-hire services that provide access to botnets for a small fee. The use of these services is making it much easier for unskilled attackers to launch major DDoS attacks.

In April of this year, the operators of the DDoS marketplace webstresser.org were arrested as a result of Operation Power Off. This was an investigation led by Dutch Police and the British National Crime Agency with support from Europol and a dozen law enforcement agencies.

Webstresser.org was the largest DDoS marketplace with more than 136,000 registered users and 4 million attacks. When it was shut down, there was a 60 percent decrease in DDoS attacks across Europe, the report noted.

Critical Infrastructure Protection Firm Indegy Raises $18M in Financing Round

Critical infrastructure protection firm Indegy closed Aug. 28 on an $18 million Series B round of financing led by Liberty Technology Venture Capital, a subsidiary of Liberty Media.

Energy firm Centrica, O.G. Tech Ventures, and existing investors Shlomo Kramer, Magma Venture Partners, Vertex Ventures, and Aspect Ventures also participated in the financing round.

Centrica supplies energy and services to 25 million customers mainly in the UK, Ireland, and North America through British Gas, Direct Energy and Bord Gáis Energy. Centrica made the investment through its Innovations arm.

“With a growing customer portfolio that spans 35 countries, we’re working to bring businesses world-leading energy management solutions that will allow customers to take greater control of their energy,” said Christophe Defert, vice president of ventures for Centrica Innovations.

“In an increasingly connected world, we’re looking forward to working with Indegy as we explore ways to deploy distributed energy resources with the optimal security solution.”

Indegy will use the money to accelerate growth and expand market initiatives for its critical infrastructure protection suite of products, which protect systems used in manufacturing, energy, water, pharmaceuticals, and other critical infrastructures from cyberattacks.

“Recent reports by the DHS and FBI regarding attacks against critical infrastructures have created a greater sense of urgency among industrial organizations to shore up their defenses, and produced a major spike in new business for Indegy,” said Indegy CEO Barak Perelman.

“This capital infusion provides the financial resources required to scale up the company and capitalize on this market opportunity,” he added.

Scotto, Warwick Join Indegy

Furthermore, Indegy appointed two new executives to its management team. Joe Scotto joins as chief marketing officer, and Todd Warwick takes over as vice president of sales for the Americas.

Scotto joins Indegy from BAE Systems, where he served as vice president for Americas marketing. Previously, he held positions with KPMG, Avaya and Time Warner, where he led product and solutions marketing for their multichannel global SMB business.

Warwick joins Indegy from Imperva, where he served as AVP of sales. He has held sales management positions at Check Point Software and Alcatel-Lucent, which was acquired by Nokia in 2016.

Smart Irrigation System Botnets Threaten Public Water Supply

Smart irrigation system vulnerabilities could pose risks to the public water supply, warned researchers from Israel-based Ben-Gurion University of the Negev.

The researchers found that attackers could employ a botnet of smart irrigation systems used by city and local governments to remotely turn watering systems on and off at will. This would enable attackers to empty public water supplies held in towers and reservoirs.

The researchers demonstrated how a bot running on a compromised device can detect a smart irrigation system connected to its local area network in less than 15 minutes. The bot can turn on watering of each smart irrigation system using a set of session hijacking and replay attacks.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty flood water reservoir overnight,” said Ben Nassi, one of the researchers who conducted the study.

The researchers examined three popular smart irrigation systems: GreenIQ, BlueSpray, and RainMachine. “We have notified the companies to alert them of the security gaps so they can upgrade their smart system’s irrigation system’s firmware,” said Nassi.

“Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers,” he added.

Countermeasures to Stop Attacks

As a countermeasure, organizations running these smart irrigation systems should consider monitoring for unusual water consumption in urban water services. Once unusual activity is detected, the organization can stop the water distribution. Unfortunately, this also prevents people from getting water, so it is not a long-term solution.

Organizations can also upgrade their communications from HTTP to HTTPS. This would prevent attackers from spoofing TCP packets.

Also, organizations can disable SSH because it is not needed to communicate with a smart irrigation system when a cloud serves as a mediator. This will prevent attackers from executing code on a smart irrigation system by detecting weak passwords, the researchers concluded.
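
One way to implement the consumption-monitoring countermeasure described above, as an added example that is not from the researchers or the original article. It compares each hourly district flow reading with a per-hour baseline (median and median absolute deviation); the function names, thresholds and all flow values are assumptions constructed for illustration.

```python
from statistics import median

def build_baseline(history):
    """history: iterable of (hour_of_day, flow_m3h) -> {hour: (median, MAD)}."""
    by_hour = {}
    for hour, flow in history:
        by_hour.setdefault(hour, []).append(flow)
    baseline = {}
    for hour, flows in by_hour.items():
        med = median(flows)
        baseline[hour] = (med, median(abs(f - med) for f in flows))
    return baseline

def flag_anomalies(readings, baseline, threshold=6.0, min_mad=1.0):
    """Return (timestamp, flow, score) for readings far above that hour's norm.

    Uses the modified z-score 0.6745 * (x - median) / MAD, which a few past
    outliers cannot skew. threshold and min_mad are assumed tuning values.
    """
    alerts = []
    for ts, hour, flow in readings:
        med, mad = baseline[hour]
        score = 0.6745 * (flow - med) / max(mad, min_mad)
        if score > threshold:  # only excess consumption is of interest here
            alerts.append((ts, flow, round(score, 1)))
    return alerts

def constructed_history(days=7):
    """Constructed data: ~40 m3/h overnight, ~120 m3/h by day, small jitter."""
    return [(h, (40 if h < 6 else 120) + (d * 7 + h * 3) % 11 - 5)
            for d in range(days) for h in range(24)]

# Constructed night: many controllers start watering together at 02:00.
CONSTRUCTED_NIGHT = [("01:00", 1, 45), ("02:00", 2, 310), ("03:00", 3, 42)]

def demo():
    return flag_anomalies(CONSTRUCTED_NIGHT, build_baseline(constructed_history()))

if __name__ == "__main__":
    for ts, flow, score in demo():
        print(f"ALERT {ts}: {flow} m3/h, modified z-score {score}")
```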