We have entered the age of homemade malware

Over the past two weeks, several US government agencies have issued joint alerts warning businesses and critical infrastructure operators about the discovery of malicious cyber tools that could be used to gain access to industrial control systems.

While the joint alert from the Department of Energy, the Department of Homeland Security, the FBI and the National Security Agency (NSA) did not specifically identify the actor behind the malware, what caught these agencies' attention was the sheer sophistication of the malware involved. The APT group behind the malware created it specifically to target liquefied petroleum gas and electricity targets in the United States.

Background operation

Over the past decade, APT groups have managed to collect gigabytes of data from critical infrastructure operators around the world through reconnaissance attacks. These attacks either went unnoticed or were not acted upon or investigated by the relevant cybersecurity teams. The result is that the bad actors have acquired large amounts of data that could be used in a real cyberattack or for the development of purpose-built malware.

This includes data relating to:

  • Security frameworks, and the depth and capabilities of critical facilities' incident response
  • Supply chain entry points for loading malware onto downstream target entities
  • Ways to keep malware dormant for long periods of time, including periods of plant shutdown, renovation, replacement of components, etc.
  • Methods of infiltrating malware through unconventional means, including designating specific CI employees as targets for multi-step phishing campaigns
  • Identifying disgruntled employees who could be targeted more easily

Additionally, through contaminated firmware residing in less complex IoT systems such as smart surveillance, data and credentials were either exfiltrated directly or copied to other systems for later exfiltration.

The collected data is then used to create modified malware variants that are often more effective at penetrating target networks than the unmodified variants. This malware is then deployed via the same route used in the reconnaissance attack, provided the malware loader is still available or the exploited weakness is still unmonitored.

What does this mean for cybersecurity teams?

  • More targeted attacks and breaches, which could result in greater information loss or a huge ransom demand
  • Malware evolution cycles have shrunk to months and weeks instead of years
  • Malware can be repeatedly modified to improve its effectiveness at evading defenses
  • This increases the success rate for malware developers and malicious actors, who can then build on that success
  • IoT deployments and OT-based critical infrastructure face an immediate threat

Want to learn more about deflecting targeted attacks? Learn more about our adaptive cybersecurity solutions today.

Try our threat intelligence feed for free and block over 18 million cyberattacks every day.

Talk to our cybersecurity experts today to learn more about our IT-IoT-OT cybersecurity solutions and threat intelligence. Book here.

We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will allow us to turn the survey into a more participatory and comprehensive effort: CISO survey 2022


*** This is a syndicated blog from the Security Bloggers Network of Sectrio written by Prayukth K V. Read the original post at: https://sectrio.com/we-have-entered-the-era-of-crafted-malware/
