Skip to content

Brought to you by

Dentons logo

Privacy and Cybersecurity Law

Coverage and commentary on developments in data protection.

open menu close menu

Privacy and Cybersecurity Law

  • Home
  • About Us

DHS And FBI Issue Joint Warning – Hackers Have Targeted Critical Sector Industries Since March 2016

By Peter Stockburger
March 27, 2018
  • Data Breach
  • Enforcement
  • Government Information
  • United States
Share on Facebook Share on Twitter Share via email Share on LinkedIn

On March 15, 2018, the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) issued a joint Technical Alert (TA18-074A) warning “network defenders” in critical sector industries that “Russian government cyber actors” have been intentionally targeting U.S. government entities and organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors since at least March 2016. These threat actors, according to the joint alert, have used this campaign to engage in reconnaissance missions and to obtain operational control of industrial control processes and systems.

The joint alert identifies two targets of the ongoing attack: “staging” and “intended” targets. Staging targets are those “peripheral organizations such as trusted third-party suppliers with less secure networks.” The threat actors use the “staging” targets’ networks as “pivot points and malware repositories when targeting their final intended victims,” the intended targets. Once compromised, the staging targets are used to download source code from intended targets’ websites and to remotely access infrastructure such as corporate web-based email and virtual private network (VPN) connections. The threat actors ultimately seek to gain information from the intended target on “network and organizational design and control system capabilities within organizations.”

The joint alert identifies a variety of tactics used by the threat actors, including spear-phishing campaigns, watering-hole domain attacks, and collecting publicly available information:

  • Spear-Phishing. Through spear-phishing, the threat actors use email attachments to leverage legitimate Microsoft Office functions for retrieving a document from a remote server, which allows the threat actor to gain access to user credentials. With user credentials, and using a password-cracking technique, “the threat actors are able to masquerade as authorized users in environments that use single-factor authentication.”
  • Watering-Hole. Through watering-hole attacks, the threat actors compromise “the infrastructure of trusted organizations to reach intended targets. Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure.” These watering-holes host legitimate content developed by reputable organizations, but the threat actor alters the website to contain and reference malicious content. The threat actors use legitimate credentials to access and directly modify the website content. Once on the website, the victim provides credentials.
  • Public Information. The threat actors review information “posted to company websites, especially information that may appear to be innocuous, [to gain access to] operationally sensitive information.” In one example, the threat actors downloaded a small photo from a publicly accessible human resources page, which when expanded was “a high-resolution photo that displayed control systems equipment models and status information in the background.”

Once threat actors gain access to the network, the DHS and FBI warn they conduct “reconnaissance operations within the network,” including “identifying and browsing file servers within the intended victim’s network.” Perhaps most troubling, the DHS and FBI identified in multiple instances “the threat actors accessed workstations and servers on a corporate network that contained data output from control systems within energy generation facilities.” This access would allow the threat actors to control operations within the organization, including control of certain energy sectors.

Takeaways

The new joint alert highlights the dynamic threat landscape facing organizations. Although the alert provides technical advice concerning the identification and deterrence of the ongoing attacks, it also provides best practices applicable to the campaign. Many of the recommendations apply outside of the critical sector industries, and provide a timely reminder that all organizations should review their cybersecurity practices and policies on an ongoing basis. Some of the recommended best practices include:

  • Reviewing your existing third party contracts to determine cybersecurity vulnerabilities and protections;
  • Monitoring VPN logs for abnormal activity;
  • Deploying web and email filters on the network;
  • Ensuring proper training to inform end users on proper email and web usage;
  • Establishing a complex password policy;
  • Using multi-factor authentication;
  • Assigning appropriate personnel to review logs;
  • Completing “independent security (as opposed to compliance) risk review”; and
  • Preparing a robust incident response plan.

If you or your organization is looking to create new, or update existing cybersecurity policies or practices, or you have any questions about this joint alert and how your organization may be impacted, please reach out to the Dentons cybersecurity team to discuss how our cost effective strategies can help mitigate your risk and provide an assessment of your overall cybersecurity readiness.

Dentons is the world’s largest law firm, a leader on the Acritas Global Elite Brand Index, a BTI Client Service 30 Award winner, and recognized by prominent business and legal publications for its innovations in client service, including founding Nextlaw Labs and the Nextlaw Global Referral Network. The Dentons Privacy and Cybersecurity Group operates at the intersection of technology and law, and has been singled out as one of the law firms best at cybersecurity by corporate counsel, according to BTI Consulting Group.  

Share on Facebook Share on Twitter Share via email Share on LinkedIn
Subscribe and stay updated
Receive our latest blog posts by email.
Stay in Touch
Peter Stockburger

About Peter Stockburger

Peter Stockburger is the office managing partner for the Firm's San Diego office, a member of the Firm's Global Data Privacy and Venture Technology Groups, and co-lead of the Firm's Autonomous Vehicles practice. With a focus on data privacy and security, Peter partners with clients around the globe to leverage data and talent to grow, operate, and protect their business.

All posts Full bio

RELATED POSTS

  • Consumer Protection
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Health Information Privacy
  • Privacy Rights
  • United States

FBI Warns Cyber Criminals Are Targeting Unsecured FTP Servers In The Healthcare Industry

By Peter Stockburger
  • Consumer Protection
  • Data Breach
  • Health Information Privacy
  • Privacy Rights
  • United States

NIST Releases Draft Guidance On Securing Wireless Infusion Pumps In The Healthcare Industry

By Peter Stockburger
  • Canada
  • Enforcement
  • Marketing, Cookies & Spam

CRTC ENFORCEMENT ADVISORY: REMEMBER, YOU MUST HAVE RECORDS TO PROVE CONSENT

By Privacy and Cybersecurity Group

About Dentons

Dentons is designed to be different. As the world’s largest law firm with 20,000 professionals in over 200 locations in more than 80 countries, we can help you grow, protect, operate and finance your business. Our polycentric and purpose-driven approach, together with our commitment to inclusion, diversity, equity and ESG, ensures we challenge the status quo to stay focused on what matters most to you. www.dentons.com

Dentons boilerplate image

Twitter

Categories

  • Accountability
  • Asia Pacific
  • Canada
  • Cloud Computing
  • Consumer Protection
  • Cybersecurity
  • Data Breach
  • Data Transfers
  • Employee Privacy
  • Enforcement
  • Europe
  • General
  • Government Information
  • Health Information Privacy
  • Latin America
  • Marketing, Cookies & Spam
  • New and Proposed Laws
  • Privacy Notices
  • Privacy Rights
  • Record Retention
  • Smart Cities
  • United Kingdom
  • United States

Subscribe and stay updated

Receive our latest blog posts by email.

Stay in Touch

Dentons logo

© 2023 Dentons

  • Legal notices
  • Privacy policy
  • Terms of use
  • Cookies on this site