CryptoCurrency, Blockchain, & SCADA

[This was originally published on in the 2018 Q1 Vulnerability QuickView Report.]

CryptoCurrency and Blockchain: The Latest Rage

Blockchain technology, the foundation of CryptoCurrency such as Bitcoin, Ethereum, and countless others is starting to dominate the news. With the wild ride of Bitcoin prices, where one coin was worth around $19,000 in December, 2017 and a drastic fall in February, 2018 to around $6,900, the financial industry is abuzz with the possibilities. Many would-be entrepreneurs are looking to get involved, while few organizations are monitoring the vulnerabilities in this technology. Risk Based Security has been studying the security aspects for many years and has been collecting the vulnerabilities that range from annoying remote denial of service conditions, to vulnerabilities that allow a single person to mint as many coins as they like, that could lead to serious destabilization of the currency. In the coming months, we will be publishing an extensive blog on the topic of vulnerabilities in the CryptoCurrency market as we continue to aggregate blockchain-based vulnerabilities.

Case Study: SCADA Vulnerabilities

Supervisory Control And Data Acquisition (SCADA) systems are generally considered the systems that run public infrastructure, ranging from power plants and electric grids to damns and spillways. Vulnerabilities in such systems can have catastrophic consequences as we saw in 2015 when Ukraine’s power grid was attacked and portions of the country lost power due to computer intrusion. It is believed to be the first attack against SCADA systems that resulted in wide-scale power outages. Ukraine was attacked in again in 2017 using modified ransomware, that affected a wide variety of systems including radiation monitors at Ukraine’s Chernobyl Nuclear Power Plant. These devastating attacks, according to some experts, are a hint of what may come if SCADA systems are not secured in short order.

2017 saw a significant drop in SCADA disclosures, which led us to speculate in our 2017 End of Year report:

Vulnerabilities in SCADA products only accounted for 1.7% of all reported vulnerabilities in 2017, down from 2.8% in 2016. It is hard to determine if this decline in the number of vulnerabilities found in SCADA products is the result of researchers no longer focusing on SCADA products (e.g. transitioning to IoT or other software) or something else. Based on our knowledge of SCADA, it is hard to imagine it is due to SCADA security improving or vulnerabilities being more difficult to find. Despite this decrease, the potential impact for exploitation of such issues can be far greater than most organizations face.

This year, the first quarter shows an increase in SCADA disclosures, enough to suggest that this may be a new record year.

Leave a Reply