Feds Caution About Hacking Threats on Energy, Water, Nuclear, Aviation and More
The Department of Homeland Security together with the Federal Bureau of Investigation issued an e-mail alert October 20 about hackers targeting water, energy, aviation, nuclear along with highly sensitive manufacturing industries as well as government entities within assaults that took place as far back as May 2017. The hackers' aim is for hijacking PC-networks of organizations by distributing to the latter malware-laced e-mails and infected online sites for acquiring credentials so as to ultimately access their computer networks.
As reported, the attacks are all-inclusive phishing campaigns and these have chosen 2 primary targets: intended targets and staging targets. Normally, in phishing campaigns, the attackers first chase 'staging targets' that comprise peripheral organizations and 3rd-party entities maintaining system networks while their security measures are not so stringent. Once staging targets are effectively captured, the attackers make pivot points out of them as well as malware repositories that subsequently let them wage assault on the organizations they first intended to compromise.
According to security specialist Robert Lee from Dragos a cyber-security company, who showed the way for securing industrial systems, there are 2 or 3 hacker groups whose activities include theft of user credentials as well as doing surveillance on American organizations in addition to other countries', while staying short of executing destructive assaults. Skynews.com posted this, October 22, 2017.
Reportedly, European and American organizations have been increasingly attacked, but it isn't clear if the hackers got away with their data else disrupted operations at their premises. Indeed, it seems as though the hackers have concentrated on spying, at present, as says Mr. Lee in an interview to Reuters, adding that there may not be any extraordinary efforts by the hackers anytime soon.
Worryingly according to Dragos, before disruptive operations there is typically a phase of intelligence gathering wherein hackers garner details regarding target networks followed with obtaining credentials for use within more assaults.
The e-mail alert suggested about hackers successfully attacking certain targets, notably an energy generator, while doing an investigation of their networks. The work of their online espionage is continuing, with the threat actors persistently staying to their objectives.
» SPAMfighter News - 27-10-2017