energy


Noble Energy, Inc. — Moody’s reviews Noble Energy’s ratings for upgrade | #corporatesecurity | #businesssecurity | #

Rating Action: Moody’s reviews Noble Energy’s ratings for upgrade Global Credit Research – 20 Jul 2020 New York, July 20, 2020 — Moody’s Investors Service (“Moody’s”) placed the ratings of […] View full post on National Cyber Security

#cybersecurity | hacker | PupyRAT found sniffing around EU energy concern

Source: National Cyber Security – Produced By Gregory Evans. A command and control server used by the Iranian-associated group PupyRAT has been communicating with the mail server of a European energy sector organization for the last several months. Recorded Future’s Insikt Group reported PupyRAT, a remote access trojan, had […] View full post on AmIHackerProof.com

Here Are The #Clever Means #Russia Used To #Hack The #Energy #Industry

Last July, officials from the Federal Bureau of Investigation and the Department of Homeland Security revealed that Russian hackers were behind cyber intrusions into the U.S. energy power grid. The intrusion illustrated the severe threat that hackers pose to our most critical industries – energy, finance, healthcare, manufacturing and transportation.

The DHS and FBI downplayed the danger in a joint statement: “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”

But that might not be the end of it. Russia may be laying the groundwork for more damaging hacks, on America as well as other nations, using new cyber weapons like CrashOverride and BlackEnergy 3.

In 2015, Russia tested these tools on the Ukrainian capital of Kiev. They were specifically developed to disrupt electric power grids, and the attack blacked out 225,000 people in Ukraine.

One might wonder what Russia’s end game is for this kind of attack. To hurt us financially? To show us how vulnerable we are? In preparation for a more sinister attack?

Is it to punish America for anti-Russian policies? The White House expelled 60 Russians from the United States this week, joining western allies in response to Russia’s poisoning of a former Russian spy in Britain with what was a banned chemical weapon.

When DHS and FBI dissected the hackers’ tradecraft, it turned out to be very clever indeed. Mark Orlando, Chief Technology Officer for cyber services at Raytheon, broke down the particulars of why the new world of hacking works so well in America.

One of the attackers’ main strategies is to divide targets into two groups – intended targets which are the energy companies themselves, and staging targets like vendors, suppliers, even trade journals and industry websites.

Instead of going straight to the larger and better-protected targets, like a $60 billion energy company with a cyber security department, the hackers worked their way into the smaller and less secure companies’ networks like those that supply the big ones with smaller equipment. Or the local utilities that are partnered with them. Local regulators may also have good access.

There is even an Electric Utility Industry Sustainable Supply Chain Alliance that many of the large energy companies use.

When the hackers get into those systems, they use that access to gather intelligence and set traps for the larger company.

This targeting of the supply chain partners is brilliant. The manufacturer of natural gas turbines that supply a gas power plant would have great access to the plant’s systems and management, would probably have password access, and would not be questioned very hard.

‘It’s important to raise awareness,’ says Orlando. ‘These details, if taken by themselves, might not seem that impactful. When presented with the entire story, we can see it was part of a larger, sustained campaign, potentially causing a lot of damage.’

This is a long-term strategy that takes patience – just the kind of thing traditional espionage has perfected over the last century.

America seems to be getting the message. A recent survey from Raytheon and Ponemon showed that two-thirds of cyber security executives and chief information security officers in America, Europe and the Middle East believe cyber extortion, such as ransomware and data breaches, will increase in frequency and payout.

The traps themselves are pretty imaginative. Many are based in social media. No one would suspect a cute kitten video of hiding malware. But they do. And if your co-worker is a kitten-nut, they may not hesitate to download that video without thinking that it is a trap.

‘The weakness in cybersecurity are the users themselves, those that are not necessarily computer-savvy,’ says Quinn Mockler, a young cyber security researcher at Columbia Basin College in the Tri-Cities, Washington, near the Hanford Nuclear Reservation. ‘People overall need better awareness of cyber security. Otherwise, we will be open to constant attack.’

In one example discussed by Orlando, the attackers found a harmless-looking photo on one company’s human resources site that contained valuable information – the manufacturer and model of a certain piece of control-systems equipment.

That provided critical information on how the plant runs and set up the next phase of the attack: spear phishing, the use of customized, highly deceptive emails designed to deliver malware. Using resumés, curricula vitae, policy documents and other common messages, the hackers made reference to these control systems, creating plausible, well-informed emails likely to fool someone into opening a malware-laced attachment.

One was an invitation to a company New Year’s Eve party.

Another common method of infiltration is the watering-hole attack, which plants malicious code in a place the targets trust, then waits for them to come pick it up.

In the energy-sector attack, DHS and FBI found that watering holes included trade publications and informational websites that dealt with matters specific to the energy industry. The hackers corrupted those sites and altered them to contain malicious content. The targets saw no reason to suspect anything was wrong when they visited them.

‘It’s a low-complexity, low-effort, high-yield attack,’ Orlando says. ‘With relatively little effort, you can target lots and lots of users.’ The best defense, he says, is for a company to monitor its own networks for signs that a user may have unwittingly stumbled into a watering-hole.

Much of the malware in the energy-sector attack was designed to capture user credentials, or the digital identity of someone authorized to use a target network. Credential harvesting includes usernames and passwords, hashes or a computer’s digital signature, often stolen through tricking someone at a false login page for a familiar site.

The hackers’ spear phishing emails contained documents that ordered the target’s computer to retrieve data from a server – one the hackers either owned themselves, or had commandeered. Once the hackers had the target’s credentials, they could apply techniques to reveal the password in plain text.

Requiring multiple modes of authentication to sign in, such as a thumbprint or a security token code, is the best way to thwart this type of attack.

Hackers imitated login pages themselves, planting a link that redirected users to a page whose ‘username’ and ‘password’ fields fed credentials straight to them. Orlando notes, ‘If I can come into your environment using authorized credentials, detecting that just became exponentially more difficult.’

There are two main lessons from the power-grid hack, Orlando says. First, businesses should know that small hacking attempts like suspicious emails are often part of a larger campaign. Also, they should understand that truly cyber-secure businesses look beyond their own networks, like tracking the spread of a new flu virus.

‘Your network isn’t just your network. It’s your network, plus your trusted partners, plus your suppliers,’ he says. ‘If you’re not mitigating risk across the entire cyber ecosystem, you’re potentially missing a very large exposure to your business.’

Since smaller companies are the hackers’ first stop on the way to the bigger targets, Orlando recommends monitoring computer networks for unusual activity, installing security patches regularly, developing a response plan to disclose breaches and limit damage, and communicating up and down the supply chain on cyber security.

Data diodes, air gaps, field programmable gate arrays – all the sophisticated approaches to cyber security that the nuclear and defense industries use – eventually need to be part of everyone’s defense.

But as Orlando summed up, the daunting new reality in modern cyber security is that a company’s cyber defenses are only as strong as the defenses of everyone connected to it.


The post Here Are The #Clever Means #Russia Used To #Hack The #Energy #Industry appeared first on National Cyber Security Ventures.


Duke #Energy #Vendor’s #Hack May Mean #Stolen Customer #Bank Info

Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.

The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.

Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.

The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.

TIO Networks is sending letters to notify those affected.

View full post on National Cyber Security Ventures

Hackers attacking US and European energy firms could sabotage power grids

Source: National Cyber Security – Produced By Gregory Evans

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm has warned. The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed,…

The post Hackers attacking US and European energy firms could sabotage power grids appeared first on National Cyber Security Ventures.


The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector

Source: National Cyber Security – Produced By Gregory Evans

Last week, the media was abuzz with apocalyptic headlines about how Russian hackers were launching cyber-attacks on the US energy and nuclear sector. All the hoopla started when news broke about a joint alert sent by the Department of Homeland Security and the Federal Bureau of Investigation, which warned companies…

The post The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector appeared first on National Cyber Security Ventures.


Tripwire Study: Energy Sector IT Professionals Overconfident in Cyber Security Capabilities as Attacks Increase


Source: National Cyber Security – Produced By Gregory Evans


Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of an extensive study conducted for Tripwire by Dimensional Research. The study evaluated the confidence of IT professionals regarding the

The post Tripwire Study: Energy Sector IT Professionals Overconfident in Cyber Security Capabilities as Attacks Increase appeared first on National Cyber Security.


Hackers Attack The NSW Government Department Of Resources And Energy

Source: National Cyber Security – Produced By Gregory Evans


The NSW Government Department of Resources and Energy has revealed that it was the target of a cyber attack in December 2015, during the time several major projects were being considered. This includes the $1.2 billion Shenhua Watermark coal mine, indirectly controlled by the Chinese government — which experts say is a possible source of the attack. The attack was in the form of an increase in “virus/security activity attempting to impact systems at the Division of Resources and Energy (DRE) office in Maitland”, according to the department, and steps were taken to increase security after the activity was detected. “We do not believe that the attacks penetrated our systems or any data was accessed at this time,” the statement reads. The New South Wales Opposition is calling for further investigation, as reported by ABC’s The World Today, on the back of warnings from experts that such a definitive conclusion cannot be made. “These reports are highly disturbing,” says the Opposition spokesman for resources, Adam Searle. “I have sought a briefing from the minister and his agency as soon as possible. The Opposition will be seeking an assurance from the Baird Government that the integrity of the commercially sensitive […]

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post Hackers Attack The NSW Government Department Of Resources And Energy appeared first on National Cyber Security.


Western Energy Companies Are Under Cyber Attacks!

nationalcybersecurity.com – The security company Symantec has alerted all energy sector companies that they might be facing a possible breach by the Dragonfly or Energetic Bear groups. Countries like Italy, Fr…

View full post on Hi-Tech Crime Solutions Daily


View full post on National Cyber Security