An attack on utilities and infrastructure “is imminent”, various security experts have told TechEye.
Elsewhere, alarm bells rang as McAfee and the Centre for Strategic and International Studies (CSIS) launched a report called ‘In the Dark: Crucial Industries Confront Cyber-attacks’. It found that 40 percent of 200 IT security executives surveyed were worried that a major cyber-attack on critical infrastructures would occur within a year. The problem is, according to some, they are already happening.
Forty percent of the execs, from critical electricity infrastructure enterprises in 14 countries, also said the industry’s vulnerability had increased almost 30 percent. They believe that their companies are not ready for cyber-attacks. 90 to 95 percent of the people working on the smart grid were not concerned about security and only saw it as a last box they had to check.
One security professional, who wished to remain anonymous, said it’s another case of people “sticking their heads in the sand.”
Our source tells TechEye: “There’s already been attacks and threats to hospital infrastructure and financial institutions, while there’s been numerous security warnings of cyber attacks from China on utilities and infrastructure.
“Although it may be controversial to say, there’s no better way to attack a country then hit its power grids and overall infrastructure. That said, and as this report seems to show, no-one is really doing anything about it.
“They aren’t tightening their security around this, instead taking a head in the sand approach. If they don’t buck up their ideas soon, attacking countries will take advantage of this and I’m afraid I’ll take an “I told you so” approach.”
Another told us that he was surprised that this threat has taken so long to come to light.
“Of course, hackers are bright enough to move away from businesses and set their sites on the more important things such as utilities. After all, if they can take down a website, think what they can do to a power grid when they team up and put their clever minds together.
“Is there anything we can do?
“Sure, make sure utility companies keep up to date with their security, but that’s a lot easier said than done. After all, many are still burying their heads in the sand. Until a major threat occurs and hackers show their collective almighty strength, utility companies will continue to plod along as they already are.”
Other security experts are cautiously claiming that, as more DDoS attacks occur from people joining forces to bring down companies who have done something to annoy them, the threat could turn more sinister. A recent example is Sony, which was seen the PSN totally brought to its knees.
The attack is thought to be a thoroughly annoyed group of people who are upset about how Sony has handled the legal case it made against George Hotz, who posted the PS3’s root keys to get the system running on an alternative OS. Anonymous denies it is involved.
It’s no surprise, Professor Les Hatton at Kingston University tells TechEye: “The Sony attack wasn’t anything new, it just came to light as the company is high profile. The more high profile the attack, the higher and more qualified the hacker.
“It happens all the time.
“Most of the time servers are being attacked, it’s something we’ve come to expect from the internet. There’s obviously various types of attack from DDoS to breaking down passwords of government and business machines and installing software on them.
“Government sites and power grids are also being attacked.
“There will be more serious threats in the future as there is lots of money to be made. This will involve espionage as well as more serious attacks on utilities.”
Meanwhile, Graham Cluley at Sophos agrees: “We have seen attacks like this in the past. On the internet groups have formed to launch DDoS attacks, which have been very detrimental to companies with just a web presence. This is something groups will continue to do.
“On the other hand hackers going after a company which doesn’t depend on the internet will usually go it alone because this type of attack is far more malicious and not for notoriety meaning they don’t want to get caught.
“As more people however see they can join the net and form bonds with members to attack companies, this will become more and more popular,” he added.