Cybereason CISO
Israel Barak
industry unlocked
44
I
The energy sector – and the ICS (industrial
control systems) that run the pumps, switches
and meters responsible for powering homes
and businesses – have long been on the
radar of cyberattackers. Cybersecurity firm
Cybereason reveals the findings of a honeypot
project further exploring the cyberthreat to the
sector in this report.
In recent years attackers have hacked into the
control system of a dam in New York, shut down
Ukraine’s power grid and installed malware on
the OSes of US companies in the energy, nuclear
and water sectors.
As attacks against infrastructure providers have
increased, adversaries who specifically target
ICS have emerged, based on the findings of
Cybereason researchers who analysed the
data coll ected in a honeypot that masqueraded
as a power transmission substation of a major
electricity provider.
Judging by how quickly the attackers operated,
they are very familiar with ICS, the security
measures that utility providers implement and
know how to move from an IT environment to an
OT (operational technology) environment. Just two
days after the honeypot went live, attackers had
discovered it, prepared the asset for sale on the
Dark Web and sold it to another criminal entity
who was also interested in ICS environments.
The attackers
appear to have
been specifically
targeting the
ICS environment
from the moment
they got into the
environment.
Unlike other attackers who buy and sell access
to compromised networks, the adversaries who
accessed the honeypot showed no interest in
partaking in more generic and less targeted
activity like running botnets for cryptomining,
spamming and launching DDoS attacks, said
Cybereason CISO Israel Barak.
In this case, the attackers had one intention –
getting to the OT network.
“The attackers appear to have been specifically
targeting the ICS environment from the moment
they got into the environment. They demonstrated
Issue 06
|
www.intelligentciso.com