Four new zero-day attacks came to light when hackers carried them out against decoy systems (honeypots) that researchers had set up to study hacking attempts on industrial systems. Industrial control systems (ICS) are used to manage a huge range of important devices, from equipment for chemical treatment to equipment used to generate electricity or automate buildings, such as fire systems. Many of them use old communication systems that were meant to be connected through dedicated, secure networks. But many now use IP-based networks, including the Internet, for communication, so there are likely to be huge security problems.
It is worth noting that flaws found in these systems are rarely fixed by suppliers or users, and few industrial protocols use authentication or encryption, which means they probably trust most of the commands sent to them, regardless of who sends them. All of these factors create a vulnerable environment and pose particularly demanding security challenges. To address the security concerns of industrial systems, the researchers used a network of 120 high-interaction honeypots in 22 countries to mimic programmable logic controllers and remote terminal units. Within 13 months, there were 80,000 interactions with the honeypots, mostly scanning, as well as nine interactions involving malicious use of an industrial protocol. While this number may seem small, four of the nine interactions featured previously unknown attacks, or zero-day attacks, one of which was the first use of an attack previously identified as a proof-of-concept attack. The attack types include denial-of-service attacks and command-replay attacks. The vulnerabilities and associated exploits were disclosed to the device manufacturers. The research was presented at a cybersecurity conference supported by NATO.
Mikael Vingaard, an industrial security researcher at Industrial Defenica and one of the study's participants, said the data set was the largest ever used in academic research, and that the number of zero-day attacks discovered showed how convincing the honeypots were. Michael Dodson of the Department of Computer Science and Technology at the University of Cambridge, who was also involved in the research, told ZDNet that if the denial-of-service attacks had been carried out on a real device and not on a honeypot, the devices would either be completely shut down during the attack or be unable to communicate with the network. For replay attacks, the researchers said that if you can replay the commands to change state or write to registers, then you have complete control over the behavior of a device.