- Fukushima Report: Robot Lifts Melted Fuel
- TÜV, Nozomi Ink Partnership Pact
- Pangea Patches Bypass Vulnerability
- Fuji Fixes FRENIC Devices
- ARC: Safety and Profitability Work Together
- Public Needs to Know About Chem Releases: Judge
- Robot Testing Radioactive Fuel at Fukushima
- Siemens Fixes CP1604, CP1616 Holes
- Siemens has Upgrade for Intel AMT
- Siemens Fixes Hole in SIMATIC S7-300 CPU
- Siemens has Licensing Software Fix for SICAM 230
- Siemens Fixes Ethernet Communication Module, Relays
- OSIsoft has Update for PI Vision Hole
- First Responders Test Technology
- Manufacturing Targeted in Hack Attack
- Siemens Fixes SICAM A8000 RTU Series Hole
Chemical Safety Incidents
Industrial Firms Hit by Spear Phishing
Thursday, August 2, 2018 @ 01:08 PM gHale
A wave of financial spear-phishing emails disguised as legitimate procurement and accounting letters hit over 400 industrial organizations located mostly in Russia, researchers said.
The series of attacks started in the fall last year and targeted hundreds of company PCs in industries ranging from oil and gas to metallurgy, energy, construction and logistics, said researchers at Kaspersky Lab.
RELATED STORIES
Forget Hyperbole: Stay True to Security Message
Political Ploy or Not, Industry Needs to Act
Age of Misdirection: Stay Focused, Safe, Secure
Summit: How to Keep Security Balanced
In the assault, attackers predominantly focused on industrial companies along with other organizations. They sent out emails containing malicious attachments and tried to lure unsuspecting victims into giving away confidential data, which they could then use to make money.
The wave of emails targeted 800 employee PCs, with the goal of stealing money and confidential data from the organizations, which could then be used in new attacks, Kaspersky researchers said. The emails were disguised as legitimate procurement and accounting letters, containing content that corresponded to the profile of the attacked organizations and took into account the identity of the employee – the recipient of the letter. Of note, the attackers even addressed the targeted victims by name. This suggests the attacks were carefully prepared and took the time to develop an individual letter for each user.
When the recipient clicked on the malicious attachments, modified legitimate software was discreetly installed on the computer so the attackers could connect to it, examine documents and software related to the procurement, financial and accounting operations. Furthermore, the attackers were looking for different ways to commit financial fraud, such as changing requisites in payment bills in order to withdraw money for their benefit.
In addition, whenever criminals needed additional data or capabilities, such as obtaining local administrator rights or stealing user authentication data and Windows accounts to spread within the enterprise network, the attackers uploaded additional sets of malware, prepared individually for an attack on each victim. This included spyware, additional remote administration tools that extend the control of attackers on infected systems and malware to exploit vulnerabilities in the operating system, as well as the Mimikatz tool that allows users to obtain data from Windows accounts.
“The attackers demonstrated a clear interest in targeting industrial companies in Russia,” said Vyacheslav Kopeytsev, a security researcher at Kaspersky Lab. “Based on our experiences, this is likely to be due to the fact that their level of cybersecurity awareness is not as high as it is in other markets, such as financial services. That makes industrial companies a lucrative target for cybercriminals – not only in Russia, but across the world.”
Kaspersky Lab researchers advise users to follow these key measures in order to be protected against spear-phishing attacks:
• Use security solutions with a dedicated functionality aimed at detecting and blocking phishing attempts.
• Introduce security awareness initiatives, including gamified training with skills assessments and reinforcement through the repetition of simulated phishing attacks.
Leave a Reply
You must be logged in to post a comment.