Saturday, June 22, 2024

DHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms and Critical Infrastructure

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.DHS and FBI issued Security alert on the energy sector cyber attack.

The United States’ Department of Homeland Security has issued a warning that alerts of advanced persistent threat (APT) activities targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.

Since from the last May 2017 these targets targetting government entities and in some cases, it even compromises the victims’ network.It’s Extremely challenging task to identify and successfully deploy an absolutely innovative and never-seen-before defense solution for Industrial Control System (ICS).

Energy Sector cyber attack

Hackers categorize the attacks here, they are targetting initial victims such as suppliers and contractors who are having less secure networks and then hit the ultimate target organization network.

Also Read Important Consideration of Industrial Network Security and Protect SCADA & ICS System

They have employed various threat actors

  • open-source reconnaissance,
  • spear-phishing emails (from compromised legitimate accounts),
  • watering-hole domains,
  • host-based exploitation,
  • industrial control system (ICS) infrastructure targeting, and
    ongoing credential gathering.
Hackers used Watering Hole Domains as their primary target to compromise staging targets, they compromise the infrastructure of trusted organizations and then alter them to contain and reference malicious content. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.

DHS and FBI suggest network users and administrators utilize the following detection and prevention guidelines to help guard against this campaign.

DHS and FBI recommend that network administrators review the IP addresses, domain names, file hashes, and YARA and Snort signatures provided and add the IPs to their watchlist to determine whether the malicious activity is occurring within their organization.

With the report submitted by TrapX in August on the attack over ICS and SCADA security with real-world examples.Many energy sector cyber attackers tend to use generic cyber attack tools and normal malware.

Also Read Most Important Consideration for Industrial Control System(ICS) Cyber Defense

There could be any reason for an incident to have happened on. Likewise,

  • Lack of redundancy in the network.
  • No segmentation of network.
  • No security perimeter is defined.
  • Firewall is not incorporated in the network architecture.
  • No deep inspection of packets moving from field device to field device or control server.
  • Insecure remote connections.
  • Lack of compatibility of security architectural components with legacy protocols and system.
  • No mechanism to identify the changes in the configuration of field device and files.

Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles