In 2013, we at HackRead reported how oil and gas sector faces serious physical and online security threats.
Now researchers have found out that hackers like to hunt for gas stations offering Internet-linked fuel tanks.
With the expansion in modernized gas stations offering Internet-linked fuel tanks, it is also imperative that proper security measures are employed to avoid disasters, claim Trend Micro Security researchers.
At the Black Hat USA, 2015 Conference in Las Vegas, TrendLabs Forward-Looking Threat Research (FTR) Team comprising of Stephen Hilt and Kyle Wilhoit presented their most recent research. The team also disclosed their GasPot experiment.
According to the team, they tested a honeypot to discover how today’s hackers viewed internet-connected gas tanks.
In this experiment, they created fake gas tanks mimicking Guardian AST gas-tank-monitoring systems. The system has received a series of unexplainable attacks right from the beginning of 2015.
According to their research, hackers fell prey to their experiment and soon underground groups and text snippets on Pastebin started popping up as hackers started providing information to one another.
All about GasPots:
GasPots are the fake gas tanks created by TrendLabs team. The name has been inspired from HoneyPots. These acted as the servers configured for mimicking as a genuine gas tank. These also contained a Python script that recorded all of its activities.
GasPots were designed particularly for transmitting fake gas tank data as well as observing for any kind of commands from someone trying to feed the system via Internet-accessible terminal.
Several countries including Russia, USA, Germany, United Arab Emirates and Great Britain have deployed GasPots already.
Location of GasPot instances | Image Source: Trend Micro
After analyzing the collected data in the logs, the team concluded that the most predominant activity was related to the standard GET commands, which were used to inquire about the gas tanks typically used by automatic scanners.
The DDOSed Gas Tank:
Some of the commands were entered in the gas tank honeypots such as ones inquiring about tank’s details and those that attempted to change its name.
The names of some gas tanks were eventually changed, but the most surprising discovery was that at one point, a 2Gbps DDoS attack was also recorded at GasPots located in Washington. The source, reveals preliminary evidence, was the Syrian Electronic Army/SEA.
Research team also claimed that they
“have not seen the SEA use this technique in previous attacks, [and this] could have been performed by another group or person who wants to put the blame on the SEA.”
US gas stations Most Favorite Target of Hackers
According to the logs, a majority of the attacks originated from countries like Iran, China, Russia, Syria, USA, Canada, Romania and Mexico but most of them utilized secured VPN links and thus, their actual location remained dubious.
Around 44% of the recorded attacks were directed towards gas tanks in the US, 17% to Jordan and 11% was recorded in Great Britain, Brazil and the United Arab Emirates.
Report typos and corrections to [email protected]
[src src=”Source + Full Report in PDF” url=”http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_gaspot_experiment.pdf”]TrendMicro[/src]
