Threat of the month: SCADA "sport fishing"
Threat of the month: pdf.exe.zip files
What is it?
SCADA is not just a focus because of its often critical deployments, but also because performing vulnerability research on SCADA systems is easy, like 1990's stack buffer overflow type-of-easy.
Should I be worried?
A few years ago during a SCADA network penetration test, we found a zero-day vulnerability within SCADA software that helped manage a city's water filtration process. Attackers could manipulate a water supply to make it undrinkable. The environmental impact could have had a harmful enough effect on local wildlife that we came up with the phrase “SCADA sport fishing.”
How can I prevent it?
If your organization leverages SCADA systems, you have a lot of work ahead of you because education needs to happen with a lot of the manufacturers of this technology. Most solutions are being built with little security coding standards and are, in most cases, much easier to discover vulnerabilities in than, say, something from Adobe or Microsoft.