Search This Blog

Friday, 5 July 2013

BruteFroce attacks ! Critical infrastructures be aware.....

Whenever you go to shop and purchase any kind of networking device it comes with factory-default settings. Well these settings come as a preliminary security measure, these settings are standardized by the manufacturer and they expect their customers to change them accordingly. But sometimes as a naive user or anything else customers just forget to do this ! And there comes the chance of eavesdropping, anybody can easily break into your network and listen to traffic. How important to change these settings ? If you don't have an critical information to protect that doesn't mean you are safe without changing these settings, an eavesdropper can hack your personal information. DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a warning that attacks against critical infrastructure are growing day by day, with more than 200 brute-force cyber attack incidents reported between last October and May, surpassing the 198 total attacks in all of fiscal year 2012.

There are lots of government institutions and other sort of critical infrastructures witnessed these attacks in the past few years. Again, it's a bit confusing why such warnings are not taken much more seriously. In 2008, a group showed how to remotely hack a pacemaker and deliver a lethal shock to an implantable cardiac defibrillator. A 2011 Black Hat presentation explained how an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim. In 2012, a pacemaker hacker said a worm could possibly 'commit mass murder.' Being killed by code was an idea kicked around since 2010. Also in 2012, the feds were pressed to protect wireless medical devices from hackers.

Let's hope all these vital systems and medical devices will soon be truly secure, so we don't awaken one day to discover our critical infrastructure is down, that people with embedded medical devices are being killed by cyber-assassins, or that people depending upon medical device services are being taken out by malware.

No comments:

Post a Comment