Over the past two weeks, several US government agencies have issued joint alerts warning businesses and critical infrastructure operators about the discovery of malicious cyber tools that could be used to gain access to industrial control systems.
While the joint alert from the Department of Energy, Department of Homeland Security, FBI and National Security Agency (NSA) does not specifically identify the actor behind the malware, what caught the attention of these agencies is the sheer sophistication of the malware involved. The APT group behind the malware created it specifically to target liquefied petroleum gas and electricity targets in the United States.
Over the past decade, APT groups have managed to gain gigabytes of data from critical infrastructure operators around the world through reconnaissance attacks. These attacks either went unnoticed or were not acted upon or investigated by the relevant cybersecurity teams. This has resulted in a situation where the bad actors have acquired large volumes of data that could be used in a real cyberattack or for the development of purpose-built malware.
This includes data relating to:
- Security frameworks and the depth and capabilities of incident response at critical facilities
- Supply chain entry points for loading malware onto downstream target entities
- Ways to keep malware latent for long periods of time, including periods of plant shutdown, renovation, replacement of components, etc.
- Methods for infiltrating malware through unconventional means, including designating specific CI employees as targets for multi-step phishing campaigns
- Identification of disgruntled employees who could be targeted more easily
Additionally, through compromised firmware residing in less complex IoT systems such as smart surveillance devices, data and credentials were either exfiltrated directly or copied to other systems for later exfiltration.
The collected data is then used to create modified malware variants that are often more effective at penetrating target networks than unmodified variants. This malware is then deployed via the same route used in the reconnaissance attack (if the malware loader is still available or the exploited weakness is still unmonitored).
What does this mean for cybersecurity teams?
- More targeted attacks and breaches that could result in greater information loss or a huge ransom demand
- Malware evolution cycles have shrunk to months and weeks instead of years
- Malware can be repeatedly modified to improve its effectiveness at evading defenses
- This increases the success rate for malware developers and malicious actors, who can then build on that success
- IoT deployments and OT-based critical infrastructure face an immediate threat
*** This is a syndicated blog from the Security Bloggers Network, from Sectrio, written by Prayukth K V. Read the original post at: https://sectrio.com/we-have-entered-the-era-of-crafted-malware/