Over the last couple of years, we have seen a marked shift in cyber-attacks. Traditionally, hackers have focused on theft; stealing data is easily monetizable, which meant that headline attacks tended to involve the breach of personal information or intellectual property. But now a new kind of threat is on the rise. Attacks now involve sabotaging and disrupting the technology systems that support manufacturing, energy generation, and transportation.
Hackers have increasingly focused their attention on breaking into industrial environments. Against the ongoing backdrop of cyber conflict between nation states and escalating warnings from the Department of Homeland Security, critical infrastructure is becoming a central target for threat actors.
Read more about critical infrastructure attacks on SecurityWeek.
The Federal Communications Commission has launched an investigation into a phone and Internet outage that disrupted 911 services across the country starting last Thursday.
The telecommunications giant CenturyLink says the outage began at 8:18 a.m. ET on Thursday. It primarily affected Western states, but emergency service providers on both coasts reported disruptions. CenturyLink has said “a network element … was impacting customer services” but has offered no further details on the cause of the outage or the number of customers affected. FCC Chairman Ajit Pai called the outage “completely unacceptable.”
It’s called the “Dark Side” because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens. Or maybe it’s because of what they do in cyber research and development. Questions about exactly what goes on at the heart of one of the United States’ primary cybersecurity facilities at the Idaho National Laboratory (INL) aren’t always answered, and photos by outsiders aren’t allowed.
What is shared is that the U.S. is rushing to catch up with what cybersecurity experts say are threats by hackers to systems that operate energy pipelines, hydroelectric projects, drinking water systems and nuclear power plants across the country.
Read more about the cybersecurity program of the INL on Phys.org.
When it comes to cyber-threats and defense, the U.S. government says that critical infrastructure threats are a growing concern. Rob Joyce, senior advisor of cybersecurity strategy for the National Security Agency (NSA), said that while attacks targeting the systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors have been around for a while, the trend “is going the wrong way.”
Attackers have been targeting critical infrastructure for a while, including the 2016 Ukrainian outage and going all the way back to the 2013 Iranian DDoS attacks. According to a Kaspersky Lab report earlier this year, a full 41.2 percent of industrial control systems (ICS) were attacked by malicious software at least once in the first half of 2018.
Read more about the cyber-threats to critical infrastructure on Threatpost.
Researchers have detected a widespread reconnaissance campaign using a never-before-seen implant framework to infiltrate global defense and critical infrastructure players — including nuclear, defense, energy and financial companies.
The campaign, dubbed Operation Sharpshooter, began Oct. 25 when a splay of malicious documents were sent via Dropbox. The campaign’s implant has since appeared in 87 organizations worldwide, predominantly in the U.S. and in other English-speaking companies. “Our discovery of a new, high-function implant is another example of how targeted attacks attempt to gain intelligence,” said a McAfee analysis.
Read more about the new reconnaissance campaign on Threatpost.
Several critical infrastructure organizations in Russia have been targeted by hackers believed to be financially-motivated cybercriminals rather than state-sponsored cyberspies.
An analysis of malicious Word documents led researchers at endpoint security firm Cylance to discover fake websites set up to impersonate the legitimate sites of Russian oil giant Rosneft and two dozen other major Russian companies. The targets included critical infrastructure organizations in sectors such as oil, gas, chemical and agriculture, as well as some financial exchanges.
It’s the time of the year for cybersecurity predictions. This time, Suzanne Spaulding, former DHS Under Secretary and Nozomi Networks advisor, provides her insights for 2019.
The things that have been holding back Russia, China, North Korea and Iran from a critical infrastructure attack on the U.S. could shift. When it comes to nation state threats on U.S. critical infrastructure, we think of four key actors: Russia, China, Iran and North Korea. Each country has been held back from attacking the U.S. for different reasons. Think about a graph with an x and y axis. The x axis represents capabilities and the y axis represents destructive intent. At the moment, Russia and China have the highest capabilities, but they fall lower on the scale of destructive intent.
Read more about Suzanne Spaulding’s predictions and learn why she believes hackers from Russia, China, North Korea or Iran may launch a critical infrastructure attack on the US in 2019, on Information Security Buzz.
Earlier this month, on a small island 1.5 miles off the shore of Long Island, the Defense Advanced Research Projects Agency (DARPA) staged a cyberattack on the US power grid.
Plum Island is currently run by the Department of Homeland Security (DHS); the federal facility comprises 70 mostly decrepit buildings. You couldn’t ask for a better spot to stage an attack on the electric power grid, according to Stan Pietrowicz, a researcher at Perspecta Labs who’s working on a network analysis and threat detection tool that can be used in so-called “black-start” situations, when power has to be restored to a dead grid.
Read more about the staged cyberattack by DARPA on NakedSecurity.
New Trend Micro research revealed how exposed human machine interface (HMI) systems in thousands of critical water and energy organizations around the world could be exploited, causing significant real-world impacts, such as contaminating the water supply.
HMIs are a key part of industrial IT systems that allow human operators to interact with supervisory control and data acquisition (SCADA) environments. A large majority of the identified exposed systems are from smaller energy and water organizations that feed the major enterprise supply chain, which serves the general public. With access to an exposed HMI system, an attacker is not only able to see all the information about critical systems, but can also interact with and abuse these interfaces.
A Russian research laboratory is behind cyber-attacks on critical infrastructure, including on a Saudi petrochemical plant, according to a new report by US cyber-security firm FireEye. The cyber-attacks took place in 2017 and deployed a never-before-seen malware strain known as Triton (or Trisis), specifically engineered to interact with Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers.
In the report, FireEye says that following further research into these attacks, it can now assess with “high confidence” that the Central Scientific Research Institute of Chemistry and Mechanics (ЦНИИХМ), a government-owned technical research institution located in Moscow, was involved in the attacks.
Read more about the startling findings of the new FireEye report on ZDNet.