AS_5/2017

CYBER SECURITY

tecnica

Automazione e Strumentazione

Giugno/Luglio 2017

mitigated simply by denying access to these web services

from anyone connected to the Internet.

Microsoft webservers

vulnerabilities are

about 17%

of the

total. Therefore, the majority of webserver vulnerabilities hits

Unix based systems (83%). Scada products and network devi-

ces are less impacted than the other services, with

21% and 4% of the total vulnerabilities found.

Conclusions

Sophisticated and always more professional

hackers will only grow in capabilities and ambi-

tions. ICS / Scada / IoT systems must be pro-

tected more and in a better way.

Lutech, with this research, found many systems

compromised in the past and many other systems

that could be easily exploited, mainly because

of bad basic configurations, and used for mali-

cious purposes by a light-skill attacker. Moreo-

ver, Lutech wants to underline that even if there

are different evidences of compromises, many of

them remain undisclosed and private. This con-

sideration should give us a pause for thought:

some systems could be under threat of being

compromised with ‘silent attacks’ or could be

already used by attackers in a stealth way, giving

to administrators a false sense of security.

Public and private sector stakeholders must adopt stronger

security strategies based on layered defences by using existing

technologies and frameworks.

Figure 4 – Vulnerabilities distribution