How Hackers Target Critical Infrastructure

Uploaded on 2018-08-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities

A cybersecurity firm says it uncovered the methods and tools hackers use to target critical infrastructure organizations, activity it observed by creating a website that masqueraded as a major electricity provider.

Cybereason on Monday released a report on its "Honeypot Project," which is designed so that the firm's researchers could learn more about the tactics and techniques hackers employ while trying to compromise control systems. 

The fake website, known as a honeypot in cyber-speak, was made to resemble a large, well-known electricity provider that served customers in both the United States and United Kingdom.

Cybereason found that the hackers acted quickly.

"Just two days after the honeypot went live, attackers had discovered it, prepared the asset for sale on the dark Web and sold it to another criminal entity who was also interested in [industrial control system] environments," according to the report.

The first set of hackers found ways around firewalls and other security measures by employing a tool called 'xrdp' to gain access to Remote Desktop Protocol (RDP) servers in environments.

The software helped the hackers get around certain administrator restrictions in Windows and quietly gain access to an environment using a compromised user's credentials. They also created backdoors for the new owners to eventually use.

The criminals appear to have bought xrdp from one of the largest underground criminal marketplaces known as xDedic, a digital black market.

By the time the new owners began to become active, they appeared only interested in gaining control of the operational technology (OT) environment, which operated utility providers' hardware systems like pumps, monitors, and breakers, according to the report.

"Whoever controls the OT environment determines who gets utilities like electricity, natural gas and water," Cybereason found.

But Cybereason said these "specialized" hackers did not appear to be part of the "upper echelon of attackers,” because they made some mistakes along the way.

“Despite the attackers’ sophisticated techniques, they made some amateur moves that indicate their approach needs some refinement,” Ross Rustici, Cybereason’s senior director of intelligence, said in a statement.

The ongoing project, which went live on July 17, had been underway for a week when the Department of Homeland Security announced that Russians have targeted the control systems of hundreds of electricity providers.

In recent years, hackers have targeted the control system of a New York state dam as well as managed to successfully shut down Ukraine’s power grid in an attack.

The Hill:

You Might Also Read:

US Accuses Russia Of Attacking Energy Infrastructure

« You Don't Need To Be A Hacker ...
The Future Airman Is A Hacker »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

SealPath

SealPath

SealPath enables companies to protect and control their documents wherever they are: In their PC, in their corporate network, on a partner’s network, in the cloud.

NQA Certification

NQA Certification

NQA provides certification to a range of ISO standards including ISO 27001 for information security management.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

ITsMine

ITsMine

ITsMine’s Beyond DLP solution is a leading Data Loss Prevention solution used by organizations to protect against internal and external threats automatically.

Pixm

Pixm

Pixm’s computer vision based approach offers a truly unique and effective means to protect organizations from web-based phishing attacks.

SpecterOps

SpecterOps

SpecterOps has unique insight into the cyber adversary mindset and brings the highest caliber, most experienced resources to assess your organizations defenses.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

Scybers

Scybers

Scybers are a global cybersecurity advisory and managed services company. With our deep expertise, we help our clients reduce their cyber risks with confidence.

Cynical Technology

Cynical Technology

Cynical Technology is a Nepalese cybersecurity company with expertise in security consulting, auditing, testing and compliance.

Arista Middle East

Arista Middle East

Arista Middle East is part of Global Arista Technologies specializing in OT Cybersecurity.

PingSafe

PingSafe

PingSafe is creating the next-generation cloud security platform powered by attackers' intelligence, providing coverage for vulnerabilities that traditional security solutions would otherwise overlook

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

TeamSystem

TeamSystem

TeamSystem is a leading tech company in the market for digital business management solutions for companies and professionals.