Trend Micro has published a report confirming that ICS/SCADA systems used in critical infrastructure are now the main target of hackers.
To prepare the report, Trend Micro specialist Kyle Wilhoit set up a honeypot architecture emulating several ICS/SCADA devices and featuring typical vulnerabilities found on similar systems.
Wilhoit’s honeypots could be found through Google searches and became victims of automated and targeted attacks. The first attack was detected within 18 hours.
“We define an attack as anything that may be deemed a threat to Internet-facing ICS/SCADA systems. This includes unauthorized access to secure areas of sites, modifications on perceived controllers, or any attack against a protocol specific to ICS/SCADA devices like Modbus. In addition to classifying these attempts as ‘attacks,’ we also consider any attempt to gain access or cause an incident to the server …,” says Wilhoit.
China was the source of 35% of the attacks and the USA of 19%. Another 2% of attacks were conducted from Laos. The Russian Federation was responsible for only 6% of attacks.
The report can be viewed here.