The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017.
According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by downloading open-source information, such as photographs on company websites and other publicly available material, and then tricked employees into entering passwords into spoofed websites. The hackers were then able to use the passwords to access and compromise corporate systems. Vendors serving these sectors were also successfully targeted.
This is an old trick by an old cyber adversary. The targeted companies ranged from small companies with limited cybersecurity measures to large companies with very sophisticated cybersecurity defenses. The fundamental similarity was that the attacks all succeeded because employees of the companies were tricked into providing their passwords, allowing access.
Although the Russians had the ability to cause mass blackouts as a result of the successful phishing campaign, they chose not to do so because they appeared to be “more focused on reconnaissance.”
According to DHS, the hackers chose their targets methodically, obtained access to the systems, conducted reconnaissance and then tried to cover their work by deleting evidence of the intrusions.
Critical infrastructure, including the energy and manufacturing sectors, will continue to be targeted, and it is imperative that employees are aware of the methodical targeting and have tools to combat these sophisticated targeted phishing schemes, including education and awareness, software tools and support from IT and management.