Researchers at Positive Technologies, the information security firm, discovered vulnerabilities which could let hackers gain access to specialty utility systems in “many industrial plants” and maliciously “shut off water or electricity supplies“, according to a recent article published by the Telegraph website. The article states that researchers found “flaws in the Supervisory Control and Data Acquisition (SCADA) computer systems” which are in control of “major infrastructure, including energy, oil and gas and transportation“, according to reports.
This discovery shows, according to the article, “vulnerabilities in the way that Siemens’ WinCC software encrypts and stores passwords in its project database” leaving attackers to “gain access to Programmable Logic Controllers” which are the primary systems that have control over “machinery and other processes.” Unfortunately this was not the only issue researchers discovered. The article indicated further that Positive Technologies also reported security vulnerabilities in DAQConnect system – showing that hackers could also access “other SCADA installations“. The article was clear to state that “SCADA systems monitor and control physical industrial processes and are used widely in industry.”
These researchers estimated, according to the report, that Metasploit, a testing software that simulates attacks on computers and networks, can hack into “90 per cent of the systems they tested” and found that “60,000 industrial control system devices” are at “risk of attack” – stating further that “many of them were home systems.” Executive Vice President of Positive Technologies, Daniel Tarasov, was quoted in the article to say, “If hackers were to attack utility companies’ SCADA systems, then water and electricity supplies could easily be switched off. If this happens in IT systems, the worst that can happen is your system stops working, but when you’re talking about power plants, then your power stops working. Anything that’s connected to critical infrastructure is very serious, basically the consequence can be from really small to really huge and catastrophic.”