UPDATED 22:05 EST / OCTOBER 22 2017

INFRA

US warns hackers are targeting energy, infrastructure and manufacturing sectors

The U.S. Department of Homeland Security and the Federal Bureau of Investigation have issued a rare joint statement warning that hackers are targeting firms in the energy, nuclear, water, aviation and critical manufacturing sectors.

The warning, issued last Thursday through the United States Computer Emergency Readiness Team, said malicious actors had been targeting the sectors in a range of attacks dating back to May and that those behind the attacks have managed to compromise some targeted networks. The warning said the attacks often consisted of multistage intrusion campaigns in which hackers first target low-security and smaller networks as a way to gain backdoor access to larger networks at major, high-value targets, particularly in the energy sector.

Those behind the attacks use a number of different stages to gain access to their targets, starting with open-source reconnaissance — that is, the process of gathering publicly available information. They then deploy spear phishing campaigns that attempt to trick employees at a target company into clicking on a malicious link or providing further information.

The hackers are also identified as gaining access to legitimate organization web pages, described in the report as “watering-hole domains,” and changing them to serve malicious scripts that allow them to gather more information on their target, including credentials. With that information in hand, the hackers then target industrial control systems, including those involved with the day-to-day running of the targeted company.
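One defensive counterpart to the watering-hole technique described above is integrity monitoring of an organization's own web pages: if a legitimate page starts loading a script from a host it never referenced before, or an inline script's content silently changes, that is exactly the kind of modification the alert describes. The following is an added example written for this article, not code from the DHS/FBI alert or from SiliconANGLE; the page fragments, the allowlist and the host names are constructed and hypothetical.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class _ScriptCollector(HTMLParser):
    """Collect external script hosts and inline script bodies from an HTML page."""

    def __init__(self):
        super().__init__()
        self.external = []       # hosts referenced by <script src="...">
        self.inline = []         # text of <script> blocks that have no src
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # A relative src (empty netloc) is a same-origin script.
            self.external.append(urlparse(src).netloc.lower() or "(same-origin)")
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def script_profile(html):
    """Return (set of external script hosts, set of sha256 hashes of inline scripts)."""
    collector = _ScriptCollector()
    collector.feed(html)
    hashes = {hashlib.sha256(s.strip().encode()).hexdigest() for s in collector.inline}
    return set(collector.external), hashes


def check_page(baseline_html, current_html, allowed_hosts):
    """Compare a page against its recorded baseline and report script changes.

    Findings are: a newly referenced external host that is not on the allowlist,
    or an inline script whose hash is not among the baseline's inline hashes."""
    base_hosts, base_inline = script_profile(baseline_html)
    cur_hosts, cur_inline = script_profile(current_html)
    findings = []
    for host in sorted(cur_hosts - base_hosts):
        if host not in allowed_hosts:
            findings.append(f"new external script host not in allowlist: {host}")
    for digest in sorted(cur_inline - base_inline):
        findings.append(f"inline script added or changed (sha256 {digest[:12]}...)")
    return findings


# Constructed sample pages (hypothetical content, not a real site).
BASELINE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>console.log('hello');</script>
</head><body><p>Plant status</p></body></html>"""

CURRENT_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.invalid/x.js"></script>
<script>console.log('hello'); var t = document.cookie;</script>
</head><body><p>Plant status</p></body></html>"""

# Hosts the organization legitimately loads scripts from (constructed allowlist).
ALLOWED_HOSTS = {"(same-origin)"}


if __name__ == "__main__":
    for finding in check_page(BASELINE_PAGE, CURRENT_PAGE, ALLOWED_HOSTS):
        print(finding)
```

In practice the baseline would be taken from the deployed release artifact rather than from a previous crawl, so that an already-compromised page is not recorded as normal.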

Neither DHS nor the FBI would comment further on the details of the hacking incidents mentioned in the warning. DHS spokesman Scott McConnell said only that “the technical alert provides recommendations to prevent and mitigate malicious cyber activity targeting multiple sectors and reiterated our commitment to remain vigilant for new threats.”

Those recommendations include encouraging network users and administrators to implement a range of “detection and prevention guidelines to help defend against this activity,” most of which would be obvious to large enterprise firms but perhaps not so much to smaller ones.

Network administrators are encouraged to implement network and host-based signatures, detection and prevention measures such as IP tracking and logging, persistence detection and perhaps the most obvious recommendation of them all: the implementation of security best practices.
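Two of the recommendations listed above, IP tracking and logging and persistence detection, can be illustrated with a small amount of code. The following is an added example written for this article, not code from the US-CERT alert or from SiliconANGLE; the log format, the user names, the addresses (documentation ranges) and the autostart entries are all constructed and hypothetical. It flags a successful login from a source address an account has never used before, which is how stolen credentials from a watering hole or phishing page typically surface, and it diffs a snapshot of autostart locations against a recorded baseline.

```python
import re

# Constructed authentication log lines (fictitious users, documentation IP ranges).
AUTH_LOG = """\
2017-10-19T08:02:11Z user=jsmith src=203.0.113.10 result=success
2017-10-19T08:05:40Z user=akumar src=203.0.113.22 result=success
2017-10-19T23:41:03Z user=jsmith src=198.51.100.77 result=failure
2017-10-19T23:41:19Z user=jsmith src=198.51.100.77 result=success
2017-10-20T07:58:02Z user=akumar src=203.0.113.22 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_auth_log(text):
    """Parse the constructed key=value log format into a list of dicts."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def flag_new_source_ips(events, known_ips):
    """IP tracking: alert on a successful login from an address the account has
    not used before. `known_ips` maps user -> set of addresses seen in an earlier
    window; it is updated in place so a new address alerts only once."""
    alerts = []
    for ev in events:
        if ev["result"] != "success":
            continue
        seen = known_ips.setdefault(ev["user"], set())
        if ev["src"] not in seen:
            seen.add(ev["src"])
            alerts.append((ev["ts"], ev["user"], ev["src"]))
    return alerts


def persistence_diff(baseline, current):
    """Persistence detection: compare a snapshot of autostart entries, keyed by
    (location, entry name) -> command, against the recorded baseline and report
    entries that were added or whose command changed."""
    findings = []
    for key, cmd in sorted(current.items()):
        if key not in baseline:
            findings.append(("added", key, cmd))
        elif baseline[key] != cmd:
            findings.append(("changed", key, cmd))
    return findings


# Constructed baseline: addresses each account used in the previous window.
KNOWN_IPS = {"jsmith": {"203.0.113.10"}, "akumar": {"203.0.113.22"}}

# Constructed autostart snapshots (hypothetical entry names and paths).
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE_AUTOSTART = {
    (RUN_KEY, "Updater"): r"C:\Program Files\Updater\updater.exe",
}
CURRENT_AUTOSTART = {
    (RUN_KEY, "Updater"): r"C:\Users\Public\updater.exe",
    ("Scheduled Tasks", "SyncHelper"): r"C:\Users\Public\svc.exe",
}


def run_checks():
    """Run both detections over the constructed data and return their results."""
    events = parse_auth_log(AUTH_LOG)
    ip_alerts = flag_new_source_ips(events, {u: set(v) for u, v in KNOWN_IPS.items()})
    persistence = persistence_diff(BASELINE_AUTOSTART, CURRENT_AUTOSTART)
    return ip_alerts, persistence


if __name__ == "__main__":
    ip_alerts, persistence = run_checks()
    for ts, user, src in ip_alerts:
        print(f"{ts} new source address for {user}: {src}")
    for kind, (location, name), cmd in persistence:
        print(f"{kind}: {location} -> {name} = {cmd}")
```

The failed login preceding the success is deliberately not alerted on by itself; it is the successful use of an account from an unfamiliar address that matters, and a real deployment would add the failure count as context to that alert.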

Photo: Vikramdeep Sidhu/Wikimedia Commons
