Security

This article is more than 1 year old

Crackpot hackpots pop top of GasPots

Destruction for destruction's sake.

Fri 7 Aug 2015 // 05:08 UTC

Blackhat 2015: Trend Micro researchers Kyle Wilhoit and Stephen Hilt believe they've found attackers actively seeking to hack and shut down petrol stations.

The duo from the forward-looking research team find the attacks by establishing simulated petrol station monitoring systems around the world as honeypots.

Wilhoit and Hilt had earlier this year found actors using the Anonymous hacker moniker tried to pop the monitors.

Earlier this year, Rapid7 published research that showing attackers could shut down petrol stations.

"We found that GasPot (gas monitoring honeypot) systems deployed in the US were deemed most attractive by attackers," the pair say in the paper The GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems [PDF] presented at Blackhat in Las Vegas this week.

"To better understand the current gas-tank-monitoring system attack landscape, we developed a way to simulate the existence of these devices to check whether threat actors will find them venues attractive enough to go after.

"We created virtualised Guardian AST tank-monitoring systems, complete with function and input /output controls and other features, that make attackers believe they are real."

Most attackers targeted US honeypots, followed by those in Jordan, Britain, and other parts of the world. One of the groups left a calling card of the Iranian Dark Coder hackvitist team. In another 'AHAAD WAS HERE' was sprayed across the honeypot.

The team says the honeypots are crafted from the ground up to closely resemble a real monitoring system and would drop logs to reveal connection attempts.

Some honeypots are configured to leak to the popular SHODAN industrial control system search engine.

Attackers are found sharing IP address information of the would-be petrol pumps on web clipboards.

"Attacks against internet-facing gas-tank-monitoring systems are no longer hypothetical," the pair says. "The implications of this research highlight the lack of security awareness surrounding internet-connected devices." ®

Topics

Special Features

Vendor Voice

Resources

Security

Crackpot hackpots pop top of GasPots

Destruction for destruction's sake.

More about

More about

Narrower topics

More about

More about

More about

Narrower topics

TIP US OFF

Other stories you might like

US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products

Beijing-backed cyberspies attacked 70+ orgs across 23 countries

Microsoft squashes SmartScreen security bypass bug exploited in the wild

Industrial systems integrating digitalisation

Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

Malicious xz backdoor reveals fragility of open source

Rust developers at Google are twice as productive as C++ teams

Feds finally decide to do something about years-old SS7 spy holes in phone networks

US critical infrastructure cyberattack reporting rules inch closer to reality

H-1B visa fraud alive and well amid efforts to crack down on abuse

Feds probe alleged classified US govt data theft and leak

Apple's GoFetch silicon security fail was down to an obsession with speed

About Us

Our Websites

Your Privacy