«An IoT botnet for high-powered devices – such as air conditioners and heaters – gives malicious actors a unique ability to launch coordinated large-scale attacks on the power grid […] In particular, we reveal a new class of potential attacks in electricity grids called ‘demand manipulation through IoT attacks’ (MadIoT) that can take advantage of a zombie network to manipulate the demand for energy in the network »
For some years now, people have been talking about the great attacks that could be (and in some cases already were) carried out on the IoT (Internet of Things), attacks that could have very severe consequences.
Many of the attacks that have occurred in the past did not receive an effective response that could have prevented them. This is due both to the novelty of such attacks and to the fact that most of them exploited classic flaws.
So we cannot ignore Stuxnet. Remember that this computer worm, launched between 2007 and 2008 and discovered in 2010 by VirusBlokAda, a security company located in Belarus and founded in 1997, was the first known worm to spy on and reprogram industrial systems, more precisely SCADA systems (Supervisory Control and Data Acquisition) used for process control and monitoring, which may affect critical infrastructures such as nuclear power plants. Supposedly created to sabotage the uranium enrichment processes of the Iranian nuclear program, it is estimated to have destroyed up to 1,000 centrifuges before being discovered.
Kaspersky Lab described Stuxnet in a press release as:
«A terrifying and functional prototype of a cyber weapon that will lead to the creation of a new world arms race»
It looks like something out of a cyberpunk movie, but it is something that happened 8 years ago. So it is not from any movie, much less science fiction. But Stuxnet is just one of many threats that can be named. Following this computer worm, experts warned that it was only a matter of time before other destructive attacks occurred.
So it was that in 2010, in a German report published just before Christmas, it was explained that hackers had attacked an unnamed steel factory in Germany. They did so by manipulating and disrupting the control systems to such an extent that a furnace could not be shut down properly, resulting in "massive", though unspecified, damage.
It is uncertain exactly when this attack occurred. The report, issued by Germany's Federal Office for Information Security (BSI), indicates that the attackers gained access to the steel plant through the plant's business network and then made their way through the production networks to reach the plant's control systems. The attackers infiltrated the corporate network using a phishing attack. Once established on a system, they were able to explore the company's networks, compromising a significant number of systems, including the industrial components in the production network.
«The attacker’s know-how was highly pronounced, not only in conventional IT security but also in detailed knowledge of applied industrial controls and production processes»
—Inside the BSI Report
And as time went by, both the reach of the attacks and their severity increased. In 2013, Calpine, the largest generator of electricity from natural gas and geothermal resources in the United States since 1984, was virtually looted: detailed plans of the network and of 71 electrical stations were stolen, along with the precise location of devices, network diagrams and passwords for electrical network devices, all very valuable information for anyone who wants to attack that same network.
«America must be prepared for a massive attack, on an Armageddon scale»
—Lt. Gen. James Clapper, Director of National Intelligence, 2015.
SCADA systems are often singled out, both for their widespread use in large industries and for their simplicity of use and the fact that they are online, which, like everything connected, sooner or later makes them a target for attacks.
The Federal Energy Commission believes that a coordinated attack on just 9 power plants could cause a ripple effect across the US grid. Consider that the plans for 71 electrical stations were stolen. The consequence would be a blackout from coast to coast.
In 2012, a group of hackers managed to remotely manipulate the thermostats of a government building and a manufacturing plant, successfully changing the interior temperature. Imagine if the same thing had happened in a data center, to give one example, and the damage it could have caused to the IT infrastructure.
In 2014, Reuters, a UK-based news agency, published an article reporting that an attacker managed to tilt an oil rig off the African coast, thereby shutting down its systems. Somali pirates are suspected of having access to cargo ship location information, so crews often turn off their navigation systems or falsify location data to make it look like they are elsewhere when they pass through risk areas or areas controlled by pirates.
There needs to be a common effort to make users and consumers aware of the implications of using these technologies and of the steps to take to secure their own devices, and to define strategies for managing the security of new and legacy devices, incorporating security measures into the design phase.
All this may seem distant to those who are not part of companies that manage systems within the IoT, but if the attacks date back almost 10 years, it is evident that this involves us, or will involve us all, as the Internet merges further with our lives. Consider, for example, the attacks on Cortexa home automation systems, capable of handing intelligent control of your home to an attacker from who knows where, for who knows what purpose.
The truth is that, for some time now, there have been at least 10 challenges for IoT security. There are more and more connected devices, and therefore the development of applications of this type is also increasing.
Cyber warfare, meaning the simulated and unlawful attacks taking place at the same time around the planet, is growing, and as it grows it becomes ever more necessary to understand how the technology works in order to know how to act. Everything else, time will tell.