How Hackers Target Critical Infrastructure

A cybersecurity firm says it uncovered the methods and tools hackers use to target critical infrastructure organizations, activity it observed by creating a website that masqueraded as a major electricity provider.

Cybereason on Monday released a report on its "Honeypot Project," which is designed so that the firm's researchers could learn more about the tactics and techniques hackers employ while trying to compromise control systems. 

The fake website, known as a honeypot in cyber-speak, was made to resemble a large, well-known electricity provider that served customers in both the United States and United Kingdom.

Cybereason found that the hackers acted quickly.

"Just two days after the honeypot went live, attackers had discovered it, prepared the asset for sale on the dark Web and sold it to another criminal entity who was also interested in [industrial control system] environments," according to the report.

The first set of hackers found ways around firewalls and other security measures by employing a tool called 'xrdp' to gain access to Remote Desktop Protocol (RDP) servers in the targeted environments.

The software helped the hackers get around certain administrator restrictions in Windows and quietly gain access to an environment using a compromised user's credentials. They also created backdoors for the new owners to eventually use.

The criminals appear to have bought xrdp from xDedic, a digital black market that is one of the largest underground criminal marketplaces.

Once the new owners became active, they appeared interested only in gaining control of the operational technology (OT) environment, which operated the utility provider's hardware systems such as pumps, monitors, and breakers, according to the report.

"Whoever controls the OT environment determines who gets utilities like electricity, natural gas and water," Cybereason found.

But Cybereason said these "specialized" hackers did not appear to be part of the "upper echelon of attackers," because they made some mistakes along the way.

"Despite the attackers' sophisticated techniques, they made some amateur moves that indicate their approach needs some refinement," Ross Rustici, Cybereason's senior director of intelligence, said in a statement.

The ongoing project, which went live on July 17, had been underway for a week when the Department of Homeland Security announced that Russian hackers had targeted the control systems of hundreds of electricity providers.

In recent years, hackers have targeted the control system of a New York state dam and have succeeded in shutting down part of Ukraine's power grid in an attack.

The Hill:
