Beyond botnets: Autonomous Firmware Zombie Attack in industrial control systems

IF 4.1 | Zone 3, Engineering and Technology | Q1, COMPUTER SCIENCE, INFORMATION SYSTEMS
Seyed Ali Alavi, Hamed Pourvali Moghadam, Amir Hossein Jahangir
DOI: 10.1016/j.ijcip.2024.100729
International Journal of Critical Infrastructure Protection, Volume 48, Article 100729
Published: 2024-12-07 (Journal Article)
Publisher page: https://www.sciencedirect.com/science/article/pii/S1874548224000702
Citations: 0

Abstract

This paper introduces a novel cyberattack vector called the "Autonomous Firmware Zombie Attack." Unlike traditional zombie attacks, which rely on botnets and direct network control, this method enables attackers to covertly modify the firmware of substation Intelligent Electronic Devices (IEDs) and other firmware-based appliances, including critical industrial equipment, without requiring an active network connection; it leaves minimal trace and mounts an attack from a single infected device rather than the many devices a botnet requires. Unlike conventional cyber threats, this method lets attackers manipulate devices to cause substantial damage while leaving minimal trace, thereby evading traditional detection techniques. This study demonstrates the potential of the Autonomous Firmware Zombie Attack (AFZA), which causes substantial damage while evading conventional detection techniques. We first run such an attack on a series of IEDs as a proof of concept. Then we compare this approach with traditional remote-control attacks, highlighting its unique advantages and its implications for industrial control system security. This research underscores the critical need for a robust cybersecurity framework tailored to industrial control systems and advances our understanding of the complex risk landscape threatening critical infrastructures.
Source journal
International Journal of Critical Infrastructure Protection (COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, MULTIDISCIPLINARY)
CiteScore: 8.90
Self-citation rate: 5.60%
Articles published: 46
Review time: >12 weeks
Journal description: The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.