Towards Understanding Man-on-the-Side Attacks (MotS) in SCADA Networks

by Peter Maynard, et al.

We describe a new class of packet injection attacks called Man-on-the-Side Attacks (MotS), previously only seen where state actors have "compromised" a number of telecommunication companies. MotS injection attacks have not been widely investigated in scientific literature, despite having been discussed by news outlets and security blogs. MotS came to attention after the Edward Snowden revelations, which described large-scale pervasive monitoring of the Internet's infrastructure. For an advanced adversary attempting to interfere with IT-connected systems, the next logical step is to adapt this class of attack to a smaller scale, such as enterprise or critical infrastructure networks. MotS is a weaker form of attack compared to a Man-in-the-Middle (MitM). A MotS attack allows an adversary to read and inject packets, but not modify packets sent by other hosts. This paper presents practical experiments where we have implemented and performed MotS attacks against two testbeds: 1) on HTTP connections, by redirecting a victim to a host controlled by an adversary; and 2) on an Industrial Control network, where we inject falsified command responses to the victim. In both cases, the victims accept the injected packets without generating a suspiciously large number of unusual packets on the network. We then perform an analysis of three leading Network IDS to determine whether the attacks are detected, and discuss mitigation methods.

