The U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) have recently mentioned in a statement that an advanced persistent threat (APT) campaign is specifically targeting government entities and organizations. The affected entities are energy, nuclear, water, aviation and critical manufacturing sectors.
Attackers are targeting low security networks and third party suppliers.
“Based on malware analysis and observed [indicators of compromise], DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign,” the alert mentioned
Attackers use public website tor phishing attack.
“As an example, the threat actors downloaded a small photo from a publicly accessible human resources page,” the report states. “The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background.”
Hackers try to steal login information through security loopholes.
“Although these watering holes may host legitimate content by reputable organizations, the threat actors have altered them to contain and reference malicious content,” the alert mentioned.
“Approximately half of the known watering holes are trade publications and information websites related to process control, ICS, or critical infrastructure.”
Attackers conduct reconnaissance operations after getting into system.
“Specifically, the threat actors focused on identifying and browsing file servers within the intended victim’s network,” the alert states. “The threat actors viewed files pertaining to ICS or Supervisory Control and Data Acquisition (SCADA) systems.”
In one case hackers got inside energy installation systems.
Virsec Systems CEO Atiq Raza told eSecurity Planet that attack has common pattern “Rather than directly attacking high security networks, hackers are doing careful reconnaissance of connected third parties, staging servers or watering holes for insiders,” he said. “Once hackers steal credentials, or find a less secure backdoor, they can quickly pivot to more secure servers, bypassing traditional network perimeter security.”
“IT security needs to assume the perimeter is porous and focus more directly on guarding sensitive applications and data,” Raza added.
____________________________________________________________________________________
AlertSec ACCESS is a patent pending technology designed to check that devices are encrypted before access to a network is granted. Encrypted devices secure your data even if they are lost or stolen.