TNW reports on official statements by both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS), made in a recently released report, detailing how Russian nation-state actors are directing malicious cyber attacks at American critical infrastructure operators:
FBI and DHS officials pinpointed two distinct categories of victims: staging and intended targets. For the initial attack, hackers often infiltrated trusted third-party suppliers for their intended marks. Knowing these targets often relied on less-secure networks than their final victim, the threat actors used them as a sort of trojan horse to plant malware that was actually intended for a much bigger target. These were then used as pivot points to activate the planted malware for use in compromising larger, more-secure networks.
Today’s report didn’t reveal who these marks were, at least not specifically. It did state, however, that the attacked locations were “small commercial facilities” and that these were coordinated and targeted, not random. These also happen to be some of the most vulnerable facilities to these types of attacks, with some running systems first deployed over a decade ago.
Accompanying the allegations today were new sanctions on Russia. The sanctions target at least three organizations and 13 individuals. Of those, perhaps the most recognizable is the Internet Research Agency, the so-called “troll farm” responsible for wreaking havoc on the 2016 Presidential election through its use of Facebook ads designed to exploit divisions in American politics.
This is not anything new. Russia and other nation-state actors have been probing US critical infrastructure, specifically the electric power industry, for years. Think about it – the US relies on computers, networks, and other technologies to conduct day-to-day work.
All of these devices require electricity to operate. That is the common denominator. Take out the electric power plants, and the nation that did so now has the upper hand in a kinetic attack.
This is not rocket science. It is why the electric power industry is one of the specifically named US critical infrastructure sectors. It is also why the industry needs to be proactive not only in securing its IT and OT assets, but also in employing strong situational awareness and a detection and alert strategy.
If an organization has no eyes on the network, it could be under attack and never know it until the lights go out. Literally and figuratively.