One of the cybersecurity predictions for 2017 was attacks against the critical infrastructure. Earlier this week, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a joint statement warning of Advanced Persistent Threats (APT) aimed at:
government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. Working with U.S. and international partners, DHS and FBI identified victims in these sectors.
As Dana Tamir, VP of Market Strategy for Indegy, explained to me, the attackers are using an old favorite attack method – phishing. Or in this case, spearphishing emails specifically designed to target industrial control systems personnel with malicious Microsoft Word attachments masked as legitimate files, including resumes, policy documents, and so on. Tamir added:
Upon infiltrating the targeted networks, attackers conducted reconnaissance scans that specifically were looking for ICS or SCADA (Supervisory Control and Data Acquisition) system files that contained relevant vendor names and ICS reference documents like wiring diagrams and technical specifications.
This illustrates that attackers are intent on gathering very specific intelligence on operational networks and the technologies they can use to plan future attacks.
It’s not like the bad guys have just discovered the critical infrastructure, though. We’ve seen incidents before where utilities were hit with a cyberattack. But let’s be realistic. The infrastructure has poor security mechanisms in place, often uses outdated software systems (I’d love to know how many still rely on Windows XP), and is ripe to be the next big targeted industry. The difference here is that it isn’t cybercriminals going after financial gains but nation-state actors using cyber espionage tactics. As Christy Wyatt, CEO at Dtex Systems, told me in an email comment:
Agencies and organizations in charge of critical infrastructure such as the power grid can no longer rely on simply defending their network perimeter. They need to protect their employees both on and off the company network by implementing real-time visibility into user behavior at the source: the endpoint. Doing so enables security teams to see anomalies in user behavior and take action quickly. Without a deep understanding of users and their unique human behaviors, we will continue to see power outages and other consequences of relentless attacks on critical infrastructure around the globe.
Businesses need to pay attention to this, as Paul Edon, international services director at Tripwire, told eSecurity Planet. Businesses are now often directly linked with the industries that make up the critical infrastructure, and if one is vulnerable to a compromise, we all are.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba