Biblio

Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.

The generation, transmission, distribution, and storage of electric power is becoming increasingly decentralized. Advances in Distributed Energy Resources (DERs) are rapidly changing the nature of the power grid. Moreover, the accommodation of these new technologies by the legacy grid requires that an increasing number of devices be Internet connected so as to allow for sensor and actuator information to be collected, transmitted, and processed. With the wide adoption of the Internet of Things (IoT), the cybersecurity vulnerabilities of smart grid devices that can potentially affect the stability, reliability, and resilience of the power grid need to be carefully examined and addressed. This is especially true in situations in which smart grid devices are deployed with default configurations or without reasonable protections against malicious activities. While much work has been done to characterize the vulnerabilities associated with Supervisory Control and Data Acquisition (SCADA) and Industrial Control System (ICS) devices, this paper demonstrates that similar vulnerabilities associated with the newer class of IoT smart grid devices are becoming a concern. Specifically, this paper first performs an evaluation of such devices using the Shodan platform and text processing techniques to analyze a potential vulnerability involving the lack of password protection. This work further explores several Shodan search terms that can be used to identify additional smart grid components that can be evaluated in terms of cybersecurity vulnerabilities. Finally, this paper presents recommendations for the more secure deployment of such smart grid devices.

Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that fewer than 30% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a model to forecast the patching behavior of ICS devices.

Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also became increasingly complex, comprising many communication means, embedded hardware and non-trivial firmware. However, most research to date focused mainly on the privacy aspects of such systems, and did not fully address their issues related to cyber-security in general, and visual layer (i.e., imagery semantics) attacks in particular. In this paper, we conduct a systematic review of existing and novel threats in video surveillance, closed-circuit TV and IP-camera systems based on publicly available data. The insights can then be used to better understand and identify the security and the privacy risks associated with the development, deployment and use of these systems. We study existing and novel threats, along with their existing or possible countermeasures, and summarize this knowledge into a comprehensive table that can be used in a practical way as a security checklist when assessing cyber-security level of existing or new CCTV designs and deployments. We also provide a set of recommendations and mitigations that can help improve the security and privacy levels provided by the hardware, the firmware, the network communications and the operation of video surveillance systems. We hope the findings in this paper will provide a valuable knowledge of the threat landscape that such systems are exposed to, as well as promote further research and widen the scope of this field beyond its current boundaries.