The FBI and US Department of Homeland Security (DHS) have formally documented that hackers are attempting to access critical national infrastructure including nuclear power stations in part of an ongoing cyber-espionage campaign.

Serious stuff

It’s been known for a long time that state-backed hackers have been probing critical national infrastructure.  
But the FBI/DHS report provides a detailed look into what are sophisticated, multi-staged and persistent endeavours to hack and gain remote control of vital infrastructure services.

It’s serious stuff and reveals how, in the event of a major conflict power grids could go down, ATM networks grind to a halt and water supplies are cut off. In short, the lights go out.

According to the FBI/DHS analysis:
  • Hackers starting by attacking small companies that have relatively poor security and small networks. These are then used as a stepping stone into the networks of major energy sector companies.
  • The hackers initially gather information posted on websites to carry out targeted spear-phishing attempts. These emails typically use malicious Microsoft Word attachments that appear to be legitimate CVs, for example
  • They gather up user credentials, user names and passwords, to access internal systems
  • Once inside a target’s network, the hackers download tools from a remote server to carry out their mission such as gaining access to ICS or Supervisory Control and Data Acquisition (SCADA) systems.
  • These systems control different aspects of critical national infrastructure, such as increasing or decreasing water pressures, turning on and off power grids and controlling operations within a nuclear plant for example.


BullGuard protects your computer from malware, hackers and spies

TRY NOW FOR FREE - 90 DAYS
 

From Russia with love?

It's not entirely clear who is behind these attacks. But the FBI/DHS analysis describes the hackers as an 'advanced persistent threat', a phrase that usually refers to cyber-attackers with state backing.

And if you want to take the diplomatic code breaking a step further it’s another way of pointing the finger at Russian and Chinese hackers without actually stating the obvious for fear of upsetting the apple cart; because these types of attack cuts both ways.

The US, the UK and other European nations are not innocents; they also have their own initiatives dedicated to taking out critical national infrastructure.

Spinning out of control

There have already been several well documented attacks on critical national infrastructure.
  • Ukrainian power grids were hit by blackouts in 2015 and 2016. The attacks were blamed on hackers believed to be Russian.
  • A nuclear power plant in Germany was discovered to be infected with malware last year, while a few years earlier a nuclear power plant also in Germany was hit by a disruptive cyber-attack.
  • There’s also the infamous cyber-attack on an Iranian plant which destroyed spinning centrifuges. Malware inserted into the plant’s network took control of SCADA systems causing the centrifuges to spin at such a high speed they self-destructed. Guess who was responsible for this attack?

In recent years numerous forms of malware targeting SCADA systems have been identified, including Stuxnet which took down the Iranian facility, Havex, and BlackEnergy3 .

These malware strains are designed to access Industrial Control Systems undetected by exploiting the weakest link in the cyber defence network.

As the FBI/DHS reports implies this is generally people who are fooled by phishing mails and other cyber social engineering techniques.

Inevitably these types of attacks are the shape of things to come.

In fact, sleeper malware could well be already sitting in some infrastructure just awaiting a hacker’s remote command.

More on this type of malware later.