Posted on February 25, 2021 at 10:16 PM
Researchers have identified more cybercriminals that target utilities and several other critical infrastructures. The cyber attackers are particularly interested in organizations offering services in manufacturing, oil and gas, water, as well as electric power.
Some of the cybercriminals are looking to encrypt systems or steal information with ransomware. However, some of them are state-backed operations that want to know the potential damage they could cause by launching attacks against operational technology (OT).
Cybersecurity researchers at Dragos stated that they have detected four new hacking syndicates targeting industrial systems over the past year. They also stated that cybercriminals have invested heavily to make sure their attacks are more sophisticated and potent when targeting organizations within the industry.
The four groups have been identified as Vanadinite, Stibnite, Kamacite, and Talonite. These are now added to the 11 hacking groups previously discovered targeting industrial systems.
Some groups have specific targets
The researchers also revealed that some of the new hacking groups are launching attacks on specific targets. For instance, the Talonite group is targeting electricity providers in the U.S. while the Stibnite group is targeting wind turbine companies generating electric power in Azerbaijan.
The other hacking groups have broader targets. Kamacite, which is affiliated with the well-known Sandworm group, has a wide range of targets and has attacked the industrial operations of energy companies across Europe and North America.
On the other hand, Vanadinite carries out operations against transport, manufacturing, and energy companies in Asia, Australia, Europe, and North America.
The security researchers said the discovery of these groups is very worrying. However, uncovering them also means the threats are now more visible than ever before; they may well have existed undetected in the past.
More sophisticated tooling on the researchers' side has enabled earlier discovery of the threats, which in turn makes them faster to mitigate. The problem is that the threats and their attack methods are also becoming more sophisticated, so mitigating them is not easy.
Sergio Caltagirone, vice president of threat intelligence at Dragos, said that the threat landscape is gradually becoming better understood.
“The more visibility we build in the OT space, the greater understanding of its threat landscape,” he added.
He also said that the security approach for traditional IT differs from that for OT network attacks: while OT attacks are less frequent, their potential impact is much higher than that of IT incidents.
Organizations still lagging in their security duty
But visibility remains an issue for industrial networks: 90% of the companies analyzed by Dragos do not have full knowledge of their own OT network.
As a result, cybercriminals remain hidden in some instances, unless discovered by security researchers.
And in some cases the threat actors can hide in plain sight, abusing legitimate logins to move freely around the network without being detected.
Generally, hacking campaigns that target industrial systems involve remote service exploitation and phishing. These give attackers real accounts with which to carry out malicious activity while staying under the radar.
And lack of visibility brings more risk, since it gives threat actors the freedom to operate with ease. It also gives them time to understand the victim's environment, locate their targets, and achieve their objectives, according to Caltagirone.
Protecting against cyber threats
Hacking activity can also have physical effects beyond the network, as shown recently when a threat actor altered the chemical properties of the drinking water of the city of Oldsmar, Florida.
Some threat actors have also succeeded in gaining access to electrical power grids, leading to an automatic shutdown of the network.
But organizations can do more to protect themselves than they currently do, according to the researchers. Industrial organizations in particular can improve the visibility of their networks and keep their systems out of reach of threat actors.
They can prioritize security on the assets that have critical control over other operations; once those assets are given priority, it becomes harder for threat actors to penetrate, the researchers reiterated.
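As an added illustration of two points made above (attackers abusing legitimate accounts to stay under the radar, and prioritising the assets with critical control), here is a small baseline check over constructed OT logon records. This is example code written for this page, not Dragos's tooling or anything from the article; the network zoning, asset names, account baseline and log format are all assumptions.

```python
import ipaddress
import re

# Hypothetical zoning: OT assets live in 10.20.0.0/16; anything else is treated as the IT side.
OT_NET = ipaddress.ip_network("10.20.0.0/16")
# Hypothetical assets with critical control over other operations (the ones to prioritise).
CRITICAL_ASSETS = {"hmi-01", "eng-ws-02"}
# Constructed baseline: which accounts normally log on to which OT hosts.
BASELINE = {
    "svc_maint": {"hist-01", "eng-ws-02"},
    "op_shift_a": {"hmi-01", "hmi-02"},
}
# Constructed log format (not a real product's format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) "
    r"service=(?P<svc>\S+) result=(?P<result>\S+)$"
)

def check_logon(line):
    """Return an alert dict for a successful remote logon that breaks the baseline, else None."""
    m = LOG_RE.match(line.strip())
    if not m or m["result"] != "success":
        return None  # only valid credentials matter here; failed logons are a separate signal
    src, user, dst = m["src"], m["user"], m["dst"]
    reasons = []
    if ipaddress.ip_address(src) not in OT_NET:
        reasons.append(f"remote {m['svc']} logon into OT from IT-side host {src}")
    if dst not in BASELINE.get(user, set()):
        reasons.append(f"account {user} has no baseline access to {dst}")
    if not reasons:
        return None
    # Weight by the asset's control over other operations, not just by novelty.
    severity = "high" if dst in CRITICAL_ASSETS else "medium"
    return {"ts": m["ts"], "user": user, "dst": dst, "reason": "; ".join(reasons), "severity": severity}

def scan(lines):
    """Run check_logon over a batch of records and keep only the alerts."""
    return [a for a in map(check_logon, lines) if a]
# Constructed sample records: one cross-zone logon with a valid account, one in-zone
# logon by an operator account to a host it never touches, and two benign records.
SAMPLE_LOGS = [
    "2021-02-20T02:14:00Z src=10.10.5.23 user=svc_maint dst=hmi-01 service=rdp result=success",
    "2021-02-20T08:05:12Z src=10.20.3.7 user=op_shift_a dst=hmi-01 service=vnc result=success",
    "2021-02-20T09:41:55Z src=10.20.9.40 user=svc_maint dst=hist-01 service=ssh result=failure",
    "2021-02-20T11:02:30Z src=10.20.9.40 user=op_shift_a dst=eng-ws-02 service=rdp result=success",
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOGS):
        print(f"[{a['severity']}] {a['ts']} {a['user']}->{a['dst']}: {a['reason']}")
```

The point is that none of the flagged records involves a failed logon or malware: the signal comes only from knowing which accounts belong on which assets, which is exactly the visibility the researchers say most operators lack.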