Cyber News August 2022
On behalf of the Yuval Ne’eman Workshop for Science, Technology and Security, we are happy to share with you some of the most interesting events and developments that took place in August 2022.
Rising cyber threats amid Russia-Ukraine war
On August 2, the pro-Russian hacker group Killnet announced it had launched a “new type” of cyber attack on Lockheed Martin, the manufacturer of the M142 High Mobility Artillery Rocket System (HIMARS), supplied by the U.S. to the Ukrainian army during the war. In addition, Alexei Leonov, editor of the Russian military magazine Arsenal Otechestva, claimed that Russian military units had hacked into the HIMARS units operating on the Ukrainian battlefield. These reports are of great importance in light of statements made by Russian military personnel and experts describing how essential HIMARS is for the Ukrainian forces.
 
General insight
The cybersecurity company Claroty released research detailing a new technique that cyber attackers may adopt in the future to weaponize programmable logic controllers (PLCs) in order to compromise engineering workstations and infiltrate local networks. PLCs are industrial computers responsible for controlling manufacturing processes with high reliability, dedicated to controlling, communicating with and monitoring automated processes. Because these computers focus mostly on automation, machine control and production, they are vulnerable and hence an attractive target for attackers. A single typical industrial network may contain many PLCs performing various activities, which threat actors can attack as a primary target. Claroty, however, took an alternative approach and investigated PLCs as a means to an end rather than the end itself: since the PLCs on a network are interconnected, gaining access to one can lead to the compromise of the rest. The attacks are designed to affect industrial networks in critical industries such as water, electricity, manufacturing and automotive. Among the vendors whose products Claroty successfully simulated attacks against are big names such as Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO and Emerson.
As preventive measures, the vendors have applied fixes and patches and created mitigation plans against attacks on PLCs. However, since patching alone does not seal all possible attack pathways, it is recommended to implement network segmentation, detect vulnerabilities early as part of basic cyber hygiene, use client authentication and a better public key infrastructure, invest in research, and raise awareness of cyber threats, threat actors and their capabilities in vulnerable environments, especially among those working in critical infrastructure areas.
 
Other developments of August 2022

August 10 – A ransomware gang claimed to have breached Cisco’s network and stolen 2.8GB of data -
The American IT company Cisco announced that the Yanluowang ransomware gang probably breached its corporate network in late May 2022 and attempted to extort the company by threatening to leak stolen files on the dark web. The hackers claimed to have stolen 2.75GB of data, consisting of 3,100 files, including non-disclosure agreements, engineering drawings, etc. The attackers accessed the network after hijacking an employee's personal Google account and obtaining the credentials stored in it. During the attack, the hackers impersonated technical support employees in voice phishing (vishing) calls and convinced the worker to accept multi-factor authentication (MFA) push notifications through MFA fatigue, i.e. by sending repeated push prompts until one was approved. Afterward, the hackers gained access to the VPN. According to a Cisco spokesperson, the company detected the attack and took action to contain it, in spite of ongoing attempts by the hackers to breach its network. Cisco also stated that it did not identify any impact on its business as a result of the incident, including on its products, services or supply chain operations. Additionally, Cisco stated that the hackers did not gain any access to sensitive customer data, employee information or intellectual property, and that it found no evidence of ransomware in its networks.
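The MFA-fatigue step in the Cisco account is visible in authentication logs as a burst of push prompts to one user, typically a run of denials followed by a single approval. The following is an added example, not Cisco's code or anything from the original report: a small detector that parses constructed log lines (the field layout, user names and IP addresses are assumptions) and flags any user who receives at least `threshold` push prompts inside a sliding time window, noting whether a prompt was approved inside that burst and which source addresses were involved.

```python
"""Flag MFA push-fatigue bursts in authentication logs (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the "<ts> key=value ..." layout is an assumption,
# as are the user names and the RFC 5737 documentation addresses used as sources.
SAMPLE_LOG = """\
2022-05-24T02:00:05Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:01:10Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:02:15Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:03:20Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:04:25Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:05:30Z user=alice event=mfa_push result=denied src=203.0.113.10
2022-05-24T02:07:00Z user=alice event=mfa_push result=approved src=203.0.113.10
2022-05-24T02:07:30Z user=alice event=vpn_login result=success src=203.0.113.10
2022-05-24T09:15:00Z user=bob event=mfa_push result=approved src=198.51.100.7
2022-05-24T09:20:00Z user=carol event=mfa_push result=denied src=198.51.100.9
2022-05-24T09:21:00Z user=carol event=mfa_push result=approved src=198.51.100.9
"""


def parse_line(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime under 'ts'."""
    ts_str, *pairs = line.split()
    record = {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        record[key] = value
    return record


def parse_log(text):
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_push_fatigue(records, window=timedelta(minutes=10), threshold=5):
    """Return {user: alert} for users with >= threshold MFA pushes in any sliding window.

    The alert keeps the largest burst size seen, whether any push inside a
    qualifying burst was approved (the sign the user finally gave in), and the
    set of source addresses that triggered the prompts.
    """
    pushes = defaultdict(list)
    for rec in records:
        if rec.get("event") == "mfa_push":
            pushes[rec["user"]].append(rec)

    alerts = {}
    for user, events in pushes.items():
        events.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(events)):
            # Advance the window start until the burst fits inside `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) < threshold:
                continue
            alert = alerts.setdefault(
                user, {"user": user, "pushes": 0, "approved_in_burst": False, "srcs": set()}
            )
            alert["pushes"] = max(alert["pushes"], len(burst))
            alert["approved_in_burst"] |= any(e["result"] == "approved" for e in burst)
            alert["srcs"].update(e["src"] for e in burst)

    for alert in alerts.values():
        alert["srcs"] = sorted(alert["srcs"])
    return alerts


def run_sample():
    """Run the detector over the constructed log with the default settings."""
    return detect_push_fatigue(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for user, alert in run_sample().items():
        verdict = "APPROVED inside burst" if alert["approved_in_burst"] else "no approval yet"
        print(f"{user}: {alert['pushes']} pushes from {alert['srcs']} ({verdict})")
```

In the sample, only `alice` is flagged with the default threshold of five pushes in ten minutes, and the alert records that one of those prompts was approved, which is the case an analyst would want to prioritise; lowering `threshold` to 2 also flags `carol`'s deny-then-approve pair, so the threshold should be tuned against normal retry behaviour in the environment.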

August 15 – The UK government unveiled a new strategy for countering cyberthreats to the national maritime sector – The Secretary of State for Transport set out a five-year strategy designed to secure freedom of maritime navigation and thereby ensure national prosperity. As part of the new strategy, the UK government will strengthen the cyber resilience of the national maritime sector by various means: providing guidance on cybersecurity best practices; using the NIS Regulations 2018 to bolster cybersecurity standards; updating the 2017 Cyber Security Code of Practice for Ships and promoting new international standards with the International Maritime Organization; developing a robust cybersecurity workforce; and implementing the national cybersecurity strategy from January 2022, to raise awareness in the maritime sector of emerging cyberthreats and of its responsibilities in managing them.

August 16 – The Office of the National Cyber Director is looking to hire a new official to plan cybersecurity policy – According to a job announcement published by the Office of the National Cyber Director (ONCD), the new Director for Cybersecurity Planning and Operations will be responsible, in collaboration with other ONCD officials, for formulating policy related to planning defensive cyber operations, strengthening cyber resilience and managing cyber incidents. To fulfil these duties, the new director will also cooperate with the relevant entities across the federal administration, including the Office of the Director of National Intelligence (ODNI), CISA and the U.S. Department of Defense. Additionally, the executive will assess the effectiveness of the cybersecurity programs of federal agencies and departments.

August 20 – Google claimed to have blocked the largest DDoS attack ever seen on its cloud platform – According to a blog post by the Google Cloud Platform (GCP) team, on June 1, 2022, a Google Cloud Armor customer was targeted with a DDoS attack that lasted 69 minutes and peaked at 46 million requests per second (RPS). The GCP team determined that the attack pattern was consistent with the Meris botnet, as it involved 5,256 IP addresses from 132 different countries. To counter similar attacks, the GCP team recommended a defense-in-depth strategy: performing threat modeling to estimate the potential attack surface of cloud applications, developing proactive and reactive strategies to protect them, and adding capacity to absorb unanticipated increases in traffic volume.