Accepted author manuscript, 469 KB, PDF document
Available under license: CC BY: Creative Commons Attribution 4.0 International License
Final published version
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Identifying infected energy systems in the wild
AU - Marnerides, Angelos
AU - Giotsas, Vasileios
AU - Mursch, Troy
N1 - Conference code: 10
PY - 2019/6/25
Y1 - 2019/6/25
N2 - The 2016 Mirai outbreak established an entirely new mindset in the history of large-scale Internet attacks. A plethora of Mirai-like variants have emerged in the last two years that are capable to infiltrate any type of device. In this paper we provide a 7-month retrospective analysis of Internet-connected energy systems that are infected by Mirai-like malware variants. By utilizing network measurements from several Internet vantage points, we demonstrate that a number of energy systems on a global scale were infected during the period of our observation. While past works have studied vulnerabilities and patching practises of ICS and energy systems, little information has been available on actual exploits of such vulnerabilities. Hence, we provide evidence that energy systems relying on ICS networks are often compromised by vulnerabilities in non-ICS devices (routers, servers and IoT devices) which provide foothold for lateral network attacks. Our work offers a first look in compromised energy systems by malware infections, and offers insights on the lack of proper security practices for systems that are increasingly dependent on internet services and more recently the IoT. In addition, we indicate that such systems were infected for relatively large periods, thus potentially remaining undetected by their corresponding organizational units.
AB - The 2016 Mirai outbreak established an entirely new mindset in the history of large-scale Internet attacks. A plethora of Mirai-like variants have emerged in the last two years that are capable to infiltrate any type of device. In this paper we provide a 7-month retrospective analysis of Internet-connected energy systems that are infected by Mirai-like malware variants. By utilizing network measurements from several Internet vantage points, we demonstrate that a number of energy systems on a global scale were infected during the period of our observation. While past works have studied vulnerabilities and patching practises of ICS and energy systems, little information has been available on actual exploits of such vulnerabilities. Hence, we provide evidence that energy systems relying on ICS networks are often compromised by vulnerabilities in non-ICS devices (routers, servers and IoT devices) which provide foothold for lateral network attacks. Our work offers a first look in compromised energy systems by malware infections, and offers insights on the lack of proper security practices for systems that are increasingly dependent on internet services and more recently the IoT. In addition, we indicate that such systems were infected for relatively large periods, thus potentially remaining undetected by their corresponding organizational units.
U2 - 10.1145/3307772.3328305
DO - 10.1145/3307772.3328305
M3 - Conference contribution/Paper
SP - 263
EP - 267
BT - e-Energy 2019 - Proceedings of the 10th ACM International Conference on Future Energy Systems
PB - ACM
CY - New York
T2 - Tenth ACM International Conference on Future Energy Systems (ACM e-Energy)
Y2 - 25 June 2019 through 28 June 2019
ER -