Saturday, January 25, 2025
HomeSecurity NewsDHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms...

DHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms and Critical Infrastructure

Published on

SIEM as a Service

Follow Us on Google News

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.DHS and FBI issued Security alert on the energy sector cyber attack.

The United States’ Department of Homeland Security has issued a warning that alerts of advanced persistent threat (APT) activities targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.

Since from the last May 2017 these targets targetting government entities and in some cases, it even compromises the victims’ network.It’s Extremely challenging task to identify and successfully deploy an absolutely innovative and never-seen-before defense solution for Industrial Control System (ICS).

Energy Sector cyber attack

Hackers categorize the attacks here, they are targetting initial victims such as suppliers and contractors who are having less secure networks and then hit the ultimate target organization network.

Also Read Important Consideration of Industrial Network Security and Protect SCADA & ICS System

They have employed various threat actors

  • open-source reconnaissance,
  • spear-phishing emails (from compromised legitimate accounts),
  • watering-hole domains,
  • host-based exploitation,
  • industrial control system (ICS) infrastructure targeting, and
    ongoing credential gathering.
Hackers used Watering Hole Domains as their primary target to compromise staging targets, they compromise the infrastructure of trusted organizations and then alter them to contain and reference malicious content. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.

DHS and FBI suggest network users and administrators utilize the following detection and prevention guidelines to help guard against this campaign.

DHS and FBI recommend that network administrators review the IP addresses, domain names, file hashes, and YARA and Snort signatures provided and add the IPs to their watchlist to determine whether the malicious activity is occurring within their organization.

With the report submitted by TrapX in August on the attack over ICS and SCADA security with real-world examples.Many energy sector cyber attackers tend to use generic cyber attack tools and normal malware.

Also Read Most Important Consideration for Industrial Control System(ICS) Cyber Defense

There could be any reason for an incident to have happened on. Likewise,

  • Lack of redundancy in the network.
  • No segmentation of network.
  • No security perimeter is defined.
  • Firewall is not incorporated in the network architecture.
  • No deep inspection of packets moving from field device to field device or control server.
  • Insecure remote connections.
  • Lack of compatibility of security architectural components with legacy protocols and system.
  • No mechanism to identify the changes in the configuration of field device and files.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

North Korean Hackers Stolen $2.2 Billion From Crypto Platforms In 2024

Cryptocurrency hacking incidents in 2024 surged 21.07% YoY to $2.2 billion, with 303 breaches...

Deloitte Denies Breach, Claims Only Single System Affected

Ransomware group Brain Cipher claimed to have breached Deloitte UK and threatened to publish...