Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.DHS and FBI issued Security alert on the energy sector cyber attack.
The United States’ Department of Homeland Security has issued a warning that alerts of advanced persistent threat (APT) activities targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.
Since from the last May 2017 these targets targetting government entities and in some cases, it even compromises the victims’ network.It’s Extremely challenging task to identify and successfully deploy an absolutely innovative and never-seen-before defense solution for Industrial Control System (ICS).
Energy Sector cyber attack
Hackers categorize the attacks here, they are targetting initial victims such as suppliers and contractors who are having less secure networks and then hit the ultimate target organization network.
They have employed various threat actors
- open-source reconnaissance,
- spear-phishing emails (from compromised legitimate accounts),
- watering-hole domains,
- host-based exploitation,
- industrial control system (ICS) infrastructure targeting, and
ongoing credential gathering.
Hackers used Watering Hole Domains as their primary target to compromise staging targets, they compromise the infrastructure of trusted organizations and then alter them to contain and reference malicious content. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.
DHS and FBI suggest network users and administrators utilize the following detection and prevention guidelines to help guard against this campaign.
DHS and FBI recommend that network administrators review the IP addresses, domain names, file hashes, and YARA and Snort signatures provided and add the IPs to their watchlist to determine whether the malicious activity is occurring within their organization.
With the report submitted by TrapX in August on the attack over ICS and SCADA security with real-world examples.Many energy sector cyber attackers tend to use generic cyber attack tools and normal malware.
There could be any reason for an incident to have happened on. Likewise,
- Lack of redundancy in the network.
- No segmentation of network.
- No security perimeter is defined.
- Firewall is not incorporated in the network architecture.
- No deep inspection of packets moving from field device to field device or control server.
- Insecure remote connections.
- Lack of compatibility of security architectural components with legacy protocols and system.
- No mechanism to identify the changes in the configuration of field device and files.