• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Hacks   »   Revealing Widespread Gas Station Cyber Attacks at Black Hat

Revealing Widespread Gas Station Cyber Attacks at Black Hat

  • Posted on:July 31, 2015
  • Posted in:Hacks, Security, Web Security
  • Posted by:
    Cara West-Wainwright
1

At Trend Micro it’s always been our job to work out where the next threat is coming from, so we can offer the best protection possible to our customers. Sometimes people listen to us at shows and say: “Seriously? That’s never happened to us.” But that’s the point. It hasn’t … yet. Who would have thought gas pump monitoring systems in the US were a target for hackers?

The truth is they are, and at Black Hat next week we’ll tell you exactly how and why.

Times have changed

We’re no longer faced with bedroom-bound enthusiasts releasing potent but relatively innocuous viruses into the wild. Today’s threat landscape is about highly motivated, well resourced, agile and covert cybercriminals – many of whom know exactly how to stay hidden long enough to exfiltrate your most sensitive corporate data. It’s also about nation state actors on the prowl for anything which is economically or geopolitically advantageous. And it’s about hacktivists – many of whom hail from within our borders – who want to make a moral point by attacking organizations and exposing sensitive data to the public.

What this means practically speaking is that virtually every organization is a potential target. Whether you’re a government agency harboring state secrets, a business with credit card data sitting in your servers, or an organization that has somehow offended the hacktivist community.

Gas pumps exposed

Trend Micro’s senior threat researcher, Kyle Wilhoit, along with Stephen Hilt, first discovered an attack on the Guardian AST Monitoring System for internet-facing gas pumps earlier this year. On that occasion the attackers merely changed the name of a pump from “DIESEL” to “WE_ARE_LEGION” – the tag line for hacktivist collective Anonymous.

Now, that attack was pretty innocuous. But given that these systems typically monitor inventory, pump levels, and other key aspects of gas pumping systems, the potential is there for severe disruption of services. Empty tank values could be altered to display as full, leading to gas stations with no fuel. Kyle found more than 1,500 internet-facing pumps lacking adequate security to keep the bad guys out.

Read more here about Kyle’s presentation at Black Hat next week.

See you at Black Hat

The problem the good guys have is being able to share threat intelligence quickly enough and with the right people to make a difference. Trend Micro is fortunate in having great relationships with law enforcement agencies around the globe. But conferences like Black Hat are also a vital platform. They let us share intelligence and research that help us expand our parameters and come together as a community in a way that proves we’re greater than the sum of our parts.

That’s why Trend Micro is delighted to be presenting our research on attacks against gas tank monitoring systems at the show. Our very own Kyle Wilhoit and Stephen Hilt will be presenting their ground-breaking research on 5 August in the Jasmine Ballroom at 4.20pm: The Little Pump Gauge That Could: Attacks Against Gas Pump Monitoring Systems. And we’ll also be releasing a new free tool, Gaspot, to enable researchers and operators to set up their own virtual monitoring systems to track attempted attacks.

That’s not all. Senior malware scientist Sean Park will be discussing evasion techniques used against financial institutions in his not-to-be-missed talk at 11.30pm in Mandalay Bay GH: Winning the Online Banking War.

But we’re also looking forward to a fascinating few days of presentations on everything from mPOS flaws to targeted takedowns; and cloning 4G SIMs to IoT attacks.

The bad guys are pretty good at sharing intelligence, so let’s make sure we are too. See you in Vegas on August 5.

Related posts:

  1. Revealing the True Cyber-Risks Facing Connected Healthcare Providers
  2. A Year to Remember: What Can we Learn to Improve Cyber Security in 2016?
  3. Is Your Car Connected or Protected?
  4. Join us at Black Hat 2017

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.