By penetrating the networks of downline vendors, Russian hackers gained access to a reportedly secure, isolated network, which eventually allowed them to reach the control rooms of US utilities, according to the Wall Street Journal.
The state-sponsored hacking team, which poses a serious threat to critical infrastructure, has been on the watch list of the Department of Homeland Security (DHS) since 2014. Using stolen credentials gained from spear-phishing emails and watering-hole attacks, the hackers went undetected, which allowed them to steal confidential information and “familiarize themselves with how the facilities were supposed to work,” WSJ reported.
This activity by the Russian hacking group took place in late summer 2017, according to an email from DHS spokesman Lesley Fulop. Fulop wrote that DHS hosted a webinar on 23 July to share actionable information with its industry and government partners, to help them better protect their networks and improve the nation’s collective defense against cyber attacks.
“While hundreds of energy and non-energy companies were targeted, the incident where they gained access to the industrial control system was a small generation asset which would not have any impact on the larger grid if taken offline,” said Fulop. “Over the course of the past year, as we continued to investigate the activity, we learned additional information which would be helpful to industry in defending against the threats. We will continue our strong public-private partnership and remain vigilant in defending critical infrastructure.”
“Protecting our nation’s critical infrastructure is a shared responsibility between the DHS and our public and private sector partners. Industry has invested significant resources in defending against nation-state actors, and this investment is working.”
Part of this investment includes empowering providers to identify weaknesses in third-party vendors, a critical security strategy intended to prevent these types of attacks. “If they beat you just once by finding a single exploitable weakness within a single vendor, supplier or contractor, the results can be catastrophic. Rather than reacting to a breach like this after it occurs, utilities providers need to take a more proactive approach to managing third-party risks,” said Fred Kneip, CEO, CyberGRX.
“That means identifying the third parties with weak security controls before they are exploited, and working with them to mitigate the risk of attacks and breaches before they become a target for attackers.”
To defend against the huge cybersecurity threats from Russia and other nation-state attacks, the cybersecurity community and the US government need to act, said Steve Kahan, CMO, Thycotic.
“The NIST framework cybersecurity, However, to be truly effective, the NIST regulation must compel the operators of essential services to deliver higher levels of cybersecurity and require that these essential services remain available during an attack.”