SCADA Systems VulnerabilitiesFinland has become a virtual haven for vulnerable SCADA (Supervisory Control and Data Acquisition) systems, according to several Finnish security researchers from Aalto University. In fact, there are thousands of Internet-facing SCADA systems just waiting to be ravaged and compromised by the wild wolves of the Worldwide Web, specifically those that can be found using the search engine known as Shodan. The tests were conducted way back in January, and the results were alarming, to say the least. After all, SCADA systems are mostly used in order to manage and facilitate entire factories, airports, and power plants. If a hacker were to conduct cyber terrorism attempts of Hollywood-film proportions, then SCADA should be their primary target.
Indeed, there's a wealth of possible exploitative actionsThat crackers can do in order to manipulate vulnerable SCADA systems that security researchers won't realize until too late, from massive malware infections to destroying computers by lowering the CPU fan speed and letting the whole thing overheat.
At any rate, a whopping 2,915 exposed systems that ran functions such as the water supply, transportation, and building automation was exposed as vulnerable to hacker attack.
The potential for cyber terrorism actually affecting real-life systems is now at an all-time high thanks to countries opting to use the Internet and system management software to automate every last service imaginable.
The fact that SCADA is Internet-facing is also a bone-chilling concept in light of the fact that SCADA runs so many system functions that are vital to everyday life.
If these systems were to get attacked at the same time, it will be a digital apocalypse right now in Finland.
These 2,915 responses were out of a total of 185,000 IP addresses from Finland that replied to an HTTP query.
The researchers also took note that exposing SCADA systems means compromising a whole lot of automation systems in Finland, which includes hospitals, a jail, banks, and so forth, according to to Jukka Manner, a networking and communications professor.
With that said, when the people responsible for the research ran the test again this month, they were glad to know that their initial warnings were heeded by the affected organizations.
Many of the exposed systems were taken out of the Worldwide Web entirely.
However, there are still 1,969 (of 2,915) systems still lurking about.
Besides which, as extensive as Shodan was, about 30% of Finnish IP addresses remain hidden and unmapped by the bots of the search engine, which means even if the remaining vulnerable systems were removed from Internet distribution, hackers could still have access to other Finnish SCADA systems that remain vulnerable to security-hole exploitation and whatnot.
|