Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Attackers Targeting Web-Connected Fuel Tanks, Experiment Finds

    Written by

    Robert Lemos
    Published August 8, 2015
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      Attackers have begun targeting fuel-tank monitoring systems, which are known to be vulnerable to manipulation, researchers at security firm Trend Micro stated in a report released on Aug. 5.

      The researchers used custom-created honeypot programs to emulate a common fuel-tank monitoring device used to monitor the gasoline levels at gas stations and found dozens of attempts to access the six systems deployed in different locations across the globe, including the United States, Germany, Jordan and the United Arab Emirates.

      The experiment, dubbed GasPot, aimed to explore attackers’ interest in noncritical industrial control systems (ICS), Kyle Wilhoit, senior threat researcher at Trend Micro, told eWEEK.

      “This research is not about showing that these pumps are going to blow up, but that there are vulnerabilities in the ICS world,” he said. “These devices should never be [connected to] the Internet.”

      Like many other devices linked to the Internet of things, automated gas-pump monitoring systems pose a risk because many do not have security built into their design or have been improperly configured. In January, an oil-and-gas technology consultant and researchers from security firm Rapid7 found that more than 5,300 monitoring devices were directly connected to the Internet and could be accessed by attackers. An attack on the devices could be used to report false fuel readings or fake a leak in a gas tank.

      In Trend Micro’s honeypot experiment, researchers created six virtual tank-monitoring systems, modeled after Guardian AST devices. The GasPot systems recorded more than 200 automated scanning and basic connection attempts over a six-month period, according to the researchers. In addition, the honeypots detected more than four dozen attempts to use various commands to make changes to the systems.

      In the end, however, only four modifications were made to the systems. In one case, attackers attempted to change the name of one tank to “H4CK3D by IDC-TEAM” and another tank name to “AHAAD WAS HERE.” On its face, the modifications appear to implicate hackers from the Iranian Dark Coders (IDC) Team, a group that supports the Iranian government, of hacking into the systems.

      In another case, attackers targeted a system in the Washington, D.C., area with a flood of data, peaking at 2G bps and lasting two days. Such a distributed denial-of-service (DDoS) attack would prevent the legitimate owner of the device from monitoring its status, but would likely have little other effect, Wilhoit said.

      “The types of attacks depend entirely on the sophistication of the tank monitoring systems installed,” Trend Micro said in an online statement. “Simple ones can only enable attackers to monitor the status of the system, while more sophisticated systems allow attackers to take control of and manipulate their targets’ tanks.”

      Most of the attacks encountered by the researchers, about 44 percent, focused on the system in the United States, Trend Micro’s report stated. Jordan, at 17 percent, was the next most popular target. A honeypot in Germany encountered no attacks during the six-month experiment.

      Robert Lemos
      Robert Lemos
      Robert Lemos is an award-winning journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's written for Ars Technica, CNET, eWEEK, MIT Technology Review, Threatpost and ZDNet. He won the prestigious Sigma Delta Chi award from the Society of Professional Journalists in 2003 for his coverage of the Blaster worm and its impact, and the SANS Institute's Top Cybersecurity Journalists in 2010 and 2014.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×