How Hackers Target Critical Infrastructure

A cybersecurity firm says it uncovered the methods and tools hackers use to target critical infrastructure organizations, activity it observed by creating a website that masqueraded as a major electricity provider.

Cybereason on Monday released a report on its "Honeypot Project," which is designed so that the firm's researchers could learn more about the tactics and techniques hackers employ while trying to compromise control systems. 

The fake website, known as a honeypot in cyber-speak, was made to resemble a large, well-known electricity provider that served customers in both the United States and United Kingdom.

Cybereason found that the hackers acted quickly.

"Just two days after the honeypot went live, attackers had discovered it, prepared the asset for sale on the dark Web and sold it to another criminal entity who was also interested in [industrial control system] environments," according to the report.

The first set of hackers found ways around firewalls and other security measures by employing a tool called xrdp to gain access to Remote Desktop Protocol (RDP) servers inside the target environment.

The software helped the hackers get around certain administrator restrictions in Windows and quietly gain access to an environment using a compromised user's credentials. They also created backdoors for the new owners to eventually use.

The criminals appear to have bought xrdp from xDedic, a digital black market and one of the largest underground criminal marketplaces.

Once the new owners became active, they appeared interested only in gaining control of the operational technology (OT) environment, which operates utility providers' hardware systems such as pumps, monitors and breakers, according to the report.

"Whoever controls the OT environment determines who gets utilities like electricity, natural gas and water," Cybereason found.

But Cybereason said these "specialized" hackers did not appear to be part of the "upper echelon of attackers," because they made some mistakes along the way.

"Despite the attackers' sophisticated techniques, they made some amateur moves that indicate their approach needs some refinement," Ross Rustici, Cybereason's senior director of intelligence, said in a statement.

The ongoing project, which went live on July 17, had been underway for a week when the Department of Homeland Security announced that Russian hackers had targeted the control systems of hundreds of electricity providers.

In recent years, hackers have targeted the control system of a New York state dam and have successfully shut down Ukraine's power grid in an attack.

Source: The Hill
