Attacks/Breaches

7/24/2018
12:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DHS Officials: Hundreds of US Utility Victims Infiltrated by Russian Hackers

Federal government officials up their count of US energy sector victims from dozens to hundreds, according to a Wall Street Journal report.

The US Department of Homeland Security, which earlier this year warned of Russian nation-state hacking teams targeting energy and other critical infrastructure organizations, in a briefing this week provided more details on the attack campaign.

The Wall Street Journal reported that DHS officials said there were hundreds of victims: an increase from their original count of a few dozen targets who had been hacked by Dragonfly, aka Energetic Bear, via supply-chain attacks.

The attackers hopped from commercial supplier networks to the energy organizations and siphoned information on how the utility sites operate and were trying to remain under the radar, appearing as "people who touch these systems on a daily basis," Jonathan Homer, chief of industrial-control-system analysis for DHS told the WSJ.

"The DHS has done a great job amplifying what was previously identified by the private sector and adding their own information. This relates to activity already previously communicated to the electric community, but highlighting ongoing risk is important," said Rob Lee, CEO of Dragos.

But, Lee says, the WSJ report's reference to "throwing switches" and "causing blackouts" was misleading. It's more of a cyber espionage operation: "What was observed is incredibly concerning, but images of imminent blackouts are not representative of what happened which was more akin to reconnaissance into sensitive networks," Lee says.

Read more here.

 

 

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lunny
50%
50%
lunny,
User Rank: Strategist
7/24/2018 | 9:08:13 PM
Catch 22
Public utilities, especially those owning nuclear reactors, are highly regulated.  That, along with rigorous safety protocols, inhibits rapid change.  Over the long term, this results in legacy systems and software throughout the organization.  "Don't touch it!  You might break something.", is the safe decision (or perceived as such).  Any serious threat actor, especially a nation state type, is collecting information that will only be used when the doo-doo hits the fan one day.  There's a sweet spot somewhere in Agile land where innovation meets tried and true fundamentals.  These are not mutually exclusive.
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
8 Security Tips to Gift Your Loved Ones For the Holidays
Steve Zurier, Freelance Writer,  12/18/2018
How to Engage Your Cyber Enemies
Guy Nizan, CEO at Intsights Cyber Intelligence,  12/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16883
PUBLISHED: 2018-12-19
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
CVE-2018-17192
PUBLISHED: 2018-12-19
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on th...
CVE-2018-17193
PUBLISHED: 2018-12-19
The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sanitize the request attribute value was applied on the Apache NiFi 1.8.0 release. Users running a prior ...
CVE-2018-17194
PUBLISHED: 2018-12-19
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, the receiving nodes would wait for the body and even...
CVE-2018-17195
PUBLISHED: 2018-12-19
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client certificate authentication, same subnet access, a...