Phishing Tools Used To Attack The Power Grid

Uploaded on 2018-08-21 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

Russian hackers who penetrated hundreds of US utilities, manufacturing plants and other facilities last year gained access by using the most conventional of phishing tools, tricking staffers into entering passwords, officials said recently.

The Russians targeted mostly the energy sector but also nuclear, aviation and critical manufacturing, Jonathan Homer, head of US Homeland Security’s industrial control system analysis, said during a briefing.

They had the capability to cause mass blackouts, but chose not to, and there was no threat the grid would go down, the officials said. Instead, the hackers appeared more focused on reconnaissance. 

The victims ranged from smaller companies with no major budget for cybersecurity to large corporations with sophisticated security networks, Homer said. Vendors were targeted because of their direct access to the utilities, companies that run diagnostics or update software or perform other tasks to keep the systems running. The victims were not identified.

“This is a situation where they went in and said this is what they’re looking for, and found weaknesses there,” Homer said.

The newly disclosed details of the 2017 hack come amid growing concerns over Russia’s efforts to interfere in the November midterm elections and the recent indictments of a dozen Russian military intelligence officers accused of infiltrating the Clinton presidential campaign and the Democratic Party and releasing tens of thousands of private communications.

US national security officials previously said they had determined that Russian intelligence and others were behind the cyberattacks. They said the hackers chose their targets methodically, obtained access to computer systems, conducted “network reconnaissance” and then attempted to cover their tracks by deleting evidence of the intrusions.

The US government said it had helped the industries expel the Russians from all systems known to have been penetrated.
It wasn’t clear if more had been compromised since news of the attack was made public earlier this year. The recent briefing was intended to help businesses defend themselves from future attacks.

Homer said the attack began in 2016 with a single breach that stayed dormant nearly a year before other infiltrations occurred in concentric circles closer and closer to the US systems.

Hackers used a mix of real people downloading open-source information from company websites like photos and other data, and attacks that trick employees into entering passwords on spoofed websites. Hackers then use the passwords to compromise corporate networks. It’s possible some of the companies are unaware they were compromised, because hackers used credentials of actual employees to get inside, which could make it harder to detect, officials said.

AP News

You Might Also Read: 

Iranian Hackers Have Infiltrated US Infrastructure:

Security Features of Modern Phishing Prevention Products:

« The Impact Of Economic Espionage
Cybersecurity Jumps Up The Corporate Agenda »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

MaxMind

MaxMind

MaxMind is an industry-leading provider of IP intelligence and online fraud detection tools.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

SOCOTEC Certification International

SOCOTEC Certification International

SOCOTEC Certification International has been providing management systems assessment and accredited ISO certification services to organisations around the world since 1995.

AUTOCRYPT

AUTOCRYPT

AUTOCRYPT is a mobility security provider dedicated to the safety of future transportation

NuID

NuID

NuID is a pioneer in trustless authentication and decentralized digital identity.

Secure Ideas

Secure Ideas

Secure Ideas is focused on penetration testing and application security including web applications, web services and mobile applications.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

Cyvatar

Cyvatar

Cyvatar is a technology-enabled cyber security as a service (CSaaS) provider delivering smarter managed security to help you achieve compliance and security faster and more efficiently.

Certihash

Certihash

Certihash have developed the world’s first blockchain empowered suite of information security tools based on the NIST cybersecurity framework.

Hush

Hush

Hush is a premium privacy service that gives people unprecedented visibility and control of their digital footprint. Hush assesses threats, and goes to work to eliminate digital risks on your behalf.

Techmentum

Techmentum

At Techmentum, our mission is to utilize technology to help companies succeed. Our expertise includes fully managed IT services, cybersecurity, cloud, and custom technology solutions.

AI Safety Institute (AISI)

AI Safety Institute (AISI)

The AI Safety Institute’s mission is to minimise surprise to the UK and humanity from rapid and unexpected advances in AI.

Teal

Teal

Teal provides exceptional managed IT solutions for small- to medium-sized organizations that value real partnerships and elevated security.