Anonymous is eyeing industrial control systems for future attacks, says the U.S. Department of Homeland Security, but its members have yet to demonstrate a capability to inflict damage to these systems.
“The information available on Anonymous suggests they currently have a limited ability to conduct attacks targeting ICS,” says in the security bulletin recently compiled by DHS’ National Cybersecurity and Communications Integration Center. “However, experienced and skilled members of Anonymous in hacking could be able to develop capabilities to gain access and trespass on control system networks very quickly.”
Aware that vulnerabilities in industrial control systems are plentiful, the DHS warns that common penetration testing software already uses control system exploits and packet inspection tools now support industrial protocols, so they can be taken advantage of for mounting attacks.
“In addition, there are control systems that are currently accessible directly from the Internet and easy to locate through internet search engine tools and applications,” says the DHS experts. “These systems could be easily located and accessed with minimal skills in order to trespass, carry out nefarious activities, or conduct reconnaissance activities to be used in future operations.”
Anonymous has still not targeted industrial control systems, but the DHS expects them to start in the near future as the collective has already made it known that its members should be targeting energy companies that don’t seem to make an effort towards a “greener” production.
In the past, a member has attacked the websites and email servers of the biotech seed giant Monsanto, exfiltrated data about its employees and made it available on Pastebin. The collective has also organized and backed up protests against some questionable real-world initiatives that could result in pollution.
A number of members have also posted messages on Twitter that indicate they have been looking into the software that is used to run industrial control systems.