Historically we have worked to protect PII and PHI, bank records and trade secrets, but companies haven't had a good track record, Skoudis said. But, attackers are now targeting physical infrastructure such as industrial control systems and SCADA systems.
"Some of it is just mischief, but it could be a harbinger of much bigger things to come," Skoudis said. "We are rapidly moving into the area where cyberattacks cause kinetic impact."
Smaller systems are now at risk, such as automobiles, water distribution systems and traffic light control systems, which have buffer overflows, SQL injection flaws and other coding problems that can be exploited, he said. Attackers can infiltrate the devices and gain command and control of the infrastructure.