Saturday, October 5, 2024
HomeSecurity NewsDHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms...

DHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms and Critical Infrastructure

Published on

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.DHS and FBI issued Security alert on the energy sector cyber attack.

The United States’ Department of Homeland Security has issued a warning that alerts of advanced persistent threat (APT) activities targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.

Since from the last May 2017 these targets targetting government entities and in some cases, it even compromises the victims’ network.It’s Extremely challenging task to identify and successfully deploy an absolutely innovative and never-seen-before defense solution for Industrial Control System (ICS).

Energy Sector cyber attack

Hackers categorize the attacks here, they are targetting initial victims such as suppliers and contractors who are having less secure networks and then hit the ultimate target organization network.

- Advertisement - EHA

Also Read Important Consideration of Industrial Network Security and Protect SCADA & ICS System

They have employed various threat actors

  • open-source reconnaissance,
  • spear-phishing emails (from compromised legitimate accounts),
  • watering-hole domains,
  • host-based exploitation,
  • industrial control system (ICS) infrastructure targeting, and
    ongoing credential gathering.
Hackers used Watering Hole Domains as their primary target to compromise staging targets, they compromise the infrastructure of trusted organizations and then alter them to contain and reference malicious content. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.

DHS and FBI suggest network users and administrators utilize the following detection and prevention guidelines to help guard against this campaign.

DHS and FBI recommend that network administrators review the IP addresses, domain names, file hashes, and YARA and Snort signatures provided and add the IPs to their watchlist to determine whether the malicious activity is occurring within their organization.

With the report submitted by TrapX in August on the attack over ICS and SCADA security with real-world examples.Many energy sector cyber attackers tend to use generic cyber attack tools and normal malware.

Also Read Most Important Consideration for Industrial Control System(ICS) Cyber Defense

There could be any reason for an incident to have happened on. Likewise,

  • Lack of redundancy in the network.
  • No segmentation of network.
  • No security perimeter is defined.
  • Firewall is not incorporated in the network architecture.
  • No deep inspection of packets moving from field device to field device or control server.
  • Insecure remote connections.
  • Lack of compatibility of security architectural components with legacy protocols and system.
  • No mechanism to identify the changes in the configuration of field device and files.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Prince Ransomware Hits UK and US via Royal Mail Phishing Scam

A new ransomware campaign targeting individuals and organizations in the UK and the US...

Microsoft, DOJ Dismantle Domains Used by Russian FSB-Linked Hacking Group

Microsoft and the U.S. Department of Justice (DOJ) have successfully dismantled a network of...

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

Linux Malware perfctl Attacking Millions of Linux Servers

Researchers have uncovered a sophisticated Linux malware, dubbed "perfctl," actively targeting millions of Linux...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...