Thursday, March 28, 2024

DHS and FBI Issued Security alert on Cyber Attacks Targeting Energy Firms and Critical Infrastructure

Industrial management systems (ICS/SCADA) are now the prime target for cyber attackers seeking to compromise the production base and public utilities.DHS and FBI issued Security alert on the energy sector cyber attack.

The United States’ Department of Homeland Security has issued a warning that alerts of advanced persistent threat (APT) activities targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors.

Since from the last May 2017 these targets targetting government entities and in some cases, it even compromises the victims’ network.It’s Extremely challenging task to identify and successfully deploy an absolutely innovative and never-seen-before defense solution for Industrial Control System (ICS).

Energy Sector cyber attack

Hackers categorize the attacks here, they are targetting initial victims such as suppliers and contractors who are having less secure networks and then hit the ultimate target organization network.

Also Read Important Consideration of Industrial Network Security and Protect SCADA & ICS System

They have employed various threat actors

  • open-source reconnaissance,
  • spear-phishing emails (from compromised legitimate accounts),
  • watering-hole domains,
  • host-based exploitation,
  • industrial control system (ICS) infrastructure targeting, and
    ongoing credential gathering.
Hackers used Watering Hole Domains as their primary target to compromise staging targets, they compromise the infrastructure of trusted organizations and then alter them to contain and reference malicious content. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.

DHS and FBI suggest network users and administrators utilize the following detection and prevention guidelines to help guard against this campaign.

DHS and FBI recommend that network administrators review the IP addresses, domain names, file hashes, and YARA and Snort signatures provided and add the IPs to their watchlist to determine whether the malicious activity is occurring within their organization.

With the report submitted by TrapX in August on the attack over ICS and SCADA security with real-world examples.Many energy sector cyber attackers tend to use generic cyber attack tools and normal malware.

Also Read Most Important Consideration for Industrial Control System(ICS) Cyber Defense

There could be any reason for an incident to have happened on. Likewise,

  • Lack of redundancy in the network.
  • No segmentation of network.
  • No security perimeter is defined.
  • Firewall is not incorporated in the network architecture.
  • No deep inspection of packets moving from field device to field device or control server.
  • Insecure remote connections.
  • Lack of compatibility of security architectural components with legacy protocols and system.
  • No mechanism to identify the changes in the configuration of field device and files.
Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles