Phishing Tools Used To Attack The Power Grid

Uploaded on 2018-08-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Russian hackers who penetrated hundreds of US utilities, manufacturing plants and other facilities last year gained access by using the most conventional of phishing tools, tricking staffers into entering passwords, officials said recently.

The Russians targeted mostly the energy sector but also nuclear, aviation and critical manufacturing, Jonathan Homer, head of US Homeland Security’s industrial control system analysis, said during a briefing.

They had the capability to cause mass blackouts, but chose not to, and there was no threat the grid would go down, the officials said. Instead, the hackers appeared more focused on reconnaissance. 

The victims ranged from smaller companies with no major budget for cybersecurity to large corporations with sophisticated security networks, Homer said. Vendors were targeted because of their direct access to the utilities, companies that run diagnostics or update software or perform other tasks to keep the systems running. The victims were not identified.

“This is a situation where they went in and said this is what they’re looking for, and found weaknesses there,” Homer said.

The newly disclosed details of the 2017 hack come amid growing concerns over Russia’s efforts to interfere in the November midterm elections and the recent indictments of a dozen Russian military intelligence officers accused of infiltrating the Clinton presidential campaign and the Democratic Party and releasing tens of thousands of private communications.

US national security officials previously said they had determined that Russian intelligence and others were behind the cyberattacks. They said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions.

The US government said it had helped the industries expel the Russians from all systems known to have been penetrated.
It wasn’t clear if more had been compromised since news of the attack was made public earlier this year. The recent briefing was intended to help businesses defend themselves from future attacks.

Homer said the attack began in 2016 with a single breach that stayed dormant nearly a year before other infiltrations occurred in concentric circles closer and closer to the US systems.

Hackers used a mix of real people downloading open-source information from company websites like photos and other data, and attacks that trick employees into entering passwords on spoofed websites. Hackers then use the passwords to compromise corporate networks. It’s possible some of the companies are unaware they were compromised, because hackers used credentials of actual employees to get inside, which could make it harder to detect, officials said.

AP News

You Might Also Read: 

Iranian Hackers Have Infiltrated US Infrastructure:

Security Features of Modern Phishing Prevention Products:

« The Impact Of Economic Espionage
Cybersecurity Jumps Up The Corporate Agenda »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

iSecurity Consulting

iSecurity Consulting

iSecurity delivers a complete lifecycle of digital protection services across the globe for public and private sector clients.

Kainos

Kainos

Kainos is a leading provider of Digital Services and Platforms. Our services include Digital Transformation, Cyber Security, Cloud, AI, IoT and more.

Havoc Shield

Havoc Shield

Havoc Shield is an all-in-one information security platform that includes everything a growing team needs to secure their remote workforce.

WhiteHawk

WhiteHawk

WhiteHawk is the first online Cyber Security Exchange. We help you understand your cyber risk and match you to tailored and affordable solutions.

11:11 Systems

11:11 Systems

11:11 Systems synchronizes every aspect of network services for your business. Build your network with the industry’s most trusted expert skills.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.

Freeze

Freeze

Freeze prevents attacks before they can start by finding, removing, and stopping the spread of information about your organization and employees.

Exaforce

Exaforce

At Exaforce, we are on a mission to 10× improve the productivity and efficacy of security and operations teams using our transformative multi-model AI engine.

Raven

Raven

Raven are on a mission to help companies protect their cloud native applications by focusing on runtime.