
Attacks On Critical Infrastructure Now ‘More Targeted’

A new study has added fresh urgency to concerns around the vulnerability of critical infrastructure to cyber-attacks.

Researchers at Cybereason said a fake industrial control network set up to lure attackers was quickly compromised by cyber-criminals who stole data and triggered a ransomware attack.

The network, set up earlier this year, followed a similar experiment in 2018.

It was made to look like an electricity company with operations in North America and Europe, and included common security vulnerabilities, as well as controls such as segmentation between different environments.

Backdoor

The network included an IT environment, operational technology and human-machine interfaces.

Cybereason found that attackers were able to quickly brute-force the administrator password used for publicly accessible remote administration interfaces and gain access to the network.

The attackers then executed a PowerShell script that created a backdoor user account, allowing them to continue their operations.

They stole login credentials, allowing them to move laterally across the network and compromise more machines, harvesting additional credentials along the way.

The compromised endpoints included data controllers, which can take up to several hours to infiltrate, Cybereason said.

While the systems were implanted with ransomware early on, it was activated only after the other data had been compromised, in order to maximise the attackers’ leverage over their target.

Maximising profits

“This attack highlights an ongoing trend where ransomware attacks are no longer just deploying and detonating; they are taking their time to maximise their profit per targeted organisation by impacting the availability of multiple machines and the confidentiality of proprietary data,” Cybereason said in an advisory.

Ransomware attackers are expanding their hacking operations to include data breaches and damaging companies’ reputations by releasing sensitive data, the company added.

Israel Barak, Cybereason’s chief information security officer, said attackers are increasingly focusing on such multi-stage attacks.

“Given the results of this research, we conclude that multistage ransomware attacks on critical infrastructure providers are increasingly dangerous and more prevalent,” he said in an analysis of the findings.

He said critical infrastructure providers are particularly at risk from a “constant barrage” of cyber-attacks by “motivated and oftentimes well-funded groups” of cyber-criminals and state-sponsored actors.

Multi-stage attacks

The shift toward multi-stage attacks has occurred over the past two years, Barak said.

The change has come as hackers more closely target particular companies in order to make more money from each successful infection, he said.

But the more gradual approach also gives organisations an opportunity to detect and respond after their networks have been compromised, Barak said.

“This operational pattern… represents an opportunity for defenders with a rapid detection and response process to detect the attack at its early stages and respond effectively before ransomware is able to impact the environment,” he wrote in the study.
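The early stages described above (a brute-forced administrator logon followed by the creation of a backdoor account) can be correlated in Windows Security logs before ransomware is activated. The sketch below is an added example, not code from Cybereason or the original article; it assumes simplified event tuples, and every account, address and timestamp in it is constructed.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: failed logon, successful logon, user account created
FAILED_LOGON, LOGON_OK, USER_CREATED = 4625, 4624, 4720

T0 = datetime(2020, 1, 1, 2, 0, 0)  # constructed start time

def at(seconds):
    return T0 + timedelta(seconds=seconds)

# Constructed sample events: (time, event ID, account, source IP, new account name)
EVENTS = [(at(i * 5), FAILED_LOGON, "Administrator", "203.0.113.50", None) for i in range(6)]
EVENTS += [
    (at(40), LOGON_OK, "Administrator", "203.0.113.50", None),
    (at(95), USER_CREATED, "Administrator", None, "svc_backup"),
    # Benign activity: one mistyped password, and a routine account creation
    (at(10), FAILED_LOGON, "jsmith", "10.0.0.5", None),
    (at(20), LOGON_OK, "jsmith", "10.0.0.5", None),
    (at(300), LOGON_OK, "itadmin", "10.0.0.9", None),
    (at(360), USER_CREATED, "itadmin", None, "new.hire"),
]

def find_chains(events, min_failures=5, window=timedelta(minutes=30)):
    """Flag accounts that create a user shortly after a brute-forced logon."""
    failures = {}  # (account, source IP) -> times of failed logons
    suspect = {}   # account -> (logon time, source IP, failure count)
    alerts = []
    for ts, event_id, account, ip, new_user in sorted(events, key=lambda e: e[0]):
        if event_id == FAILED_LOGON:
            failures.setdefault((account, ip), []).append(ts)
        elif event_id == LOGON_OK:
            # A success that ends a burst of failures from the same source
            recent = [t for t in failures.pop((account, ip), []) if ts - t <= window]
            if len(recent) >= min_failures:
                suspect[account] = (ts, ip, len(recent))
        elif event_id == USER_CREATED and account in suspect:
            logon_ts, src, count = suspect[account]
            if ts - logon_ts <= window:
                alerts.append({"account": account, "source_ip": src,
                               "failed_logons": count, "new_account": new_user,
                               "created_at": ts})
    return alerts

if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

The failure threshold and time window are assumptions to tune per environment; the routine account creation by `itadmin` in the sample data is deliberately not flagged.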

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
