Epsilon security breach: 5 signs it's only the tip of the iceberg

This week millions of e-mail addresses were reported stolen from Epsilon, a firm that supplies e-mail marketing to BestBuy, Disney, and many others. Here are five more emerging targets for precision attacks:

4. Industrial-control systems

Photo caption: The Bushehr nuclear power plant in Iran is seen as a target for Stuxnet. (Ebrahim Norouzi/IIPA/AP/File)

In a high-profile move, the US Computer Emergency Readiness Team (US-CERT) last month issued four alerts highlighting no fewer than 34 vulnerabilities in the software of control systems often used to run power plants, water purification, or factory automation.

The alerts were issued after "exploits" – malicious software that targeted the vulnerabilities – were posted to a popular online site. The attack software threatens a type of industrial-control system called a "Supervisory Control and Data Acquisition" or SCADA system.

But the government's warning is only the latest sign of a trend among hackers to target industrial-control systems. Last fall saw Stuxnet, the world's first publicly confirmed cyber superweapon, target Iran's nuclear facilities. Stuxnet is a hypersophisticated piece of software likely written by a covert government hacker team, and clones of it are expected because it is available on the Internet to be reverse engineered, several experts say.

In addition, last fall saw the first SCADA "exploit" added to a popular hacker tool called Metasploit. That leads some experts to suggest that the amount of software written to attack industrial-control systems is destined to soar.

"Targeted attacks did not start in 2010 and will not end there," Symantec, the computer security firm based in Mountain View, Calif., said in a report released Tuesday. "While Stuxnet is a very sophisticated threat, not all targeted attacks need to employ such a high degree of complexity in order to succeed."
