29/07/2018

Russian APT groups are inside US critical infrastructure - The U.S. government should opt to carry out hack backs as retaliation

According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them. These attacks could have dramatic consequences: an attack against a power grid could cause a massive power outage. This is not science fiction; it has already happened in Ukraine, and security experts blamed the Russian APT groups tracked as Dragonfly and Energetic Bear. According to government experts, the hackers were also able to penetrate air-gapped networks. The Wall Street Journal quoted Homeland Security officials reporting various attacks. “Hackers working for Russia claimed ‘hundreds of victims’ last year in a long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said,” states the WSJ. The officials maintain that the Energetic Bear APT has already penetrated “hundreds” of systems in national power grids. The DHS issued several alerts related to the APT attacks and shared technical details about their TTPs, including Indicators of Compromise (IOCs) to detect their presence in IT infrastructure.

Cyber intrusions into critical infrastructure are part of a long-term information warfare strategy. Russian APT groups carried out spear-phishing attacks against utilities’ equipment vendors and subcontractors to gather intelligence and collect the information needed to penetrate the infrastructure. The hackers aim to exploit the access that equipment makers and suppliers hold into the utilities for ordinary maintenance and telemetry; that access could allow them to deploy malware into the facilities. Unfortunately, the attacks are still ongoing, and much critical infrastructure is operated by private companies with poor cyber hygiene. In many cases, the operators are totally unaware of the attackers’ presence in their networks. “They got to the point where they could have thrown switches,” Jonathan Homer, chief of industrial control system analysis for Homeland Security, told the paper.

The U.S. government should opt to carry out hack backs in retaliation for the massive attacks against organizations in the US private sector, and when appropriate, the military’s hacking unit should hit back: this is what three experts said at a panel organized by APCO. The three experts, with experience in the private sector, the intelligence community and the military, agreed that private organizations that fall victim to cyber attacks have to delegate the response against the attackers to US Cyber Command. “I think if it’s going to happen, it’s best in the hands of the government,” said Sean Weppner, chief strategy officer at NISOS Group and a former DOD cyber officer. The experts highlighted that private companies have no intelligence capabilities to attribute the attacks to a specific threat actor and no offensive capabilities to conduct hack backs. Private companies not only lack the capabilities to conduct hack backs, they are not legally authorized to do so. “The U.S. government should decide how to retaliate against the worst attacks on the country’s private sector, and when appropriate, the military’s hacking unit should hit back, three experts said Monday,” reported CyberScoop. “The controversial idea entails taking the fight to nefarious actors by attacking their computer network in-kind, probing for exfiltrated data and employing measures to retrieve or destroy stolen information.”

Alex Bolling, the former chief of operations at the CIA’s Information Operations Center, addressed the problem of cyber attacks against critical infrastructure that, in most cases, is owned by private entities. The response to attacks against critical infrastructure operated by private organizations must be delegated to the US Government. In the majority of cases, attacks against critical infrastructure are carried out by persistent attackers, and for this reason a response requires specific cyber skills, which US CYBERCOM has. Speaking of CYBERCOM, Bolling said it is the “agency that is best resourced to respond to threats to [U.S.] national interests…[and] critical infrastructure in the energy, finance and wider commercial space.” Private companies cannot carry out hack backs if we want to avoid a digital Wild West. A private company that decides to target its attackers is in any case a serious threat to the overall digital community. “For one, companies venturing out into foreign networks would run the risk of disrupting existing U.S. intelligence or military operations,” continues CyberScoop. According to Edward Amoroso, CEO of Tag Cyber, US CYBERCOM should isolate the specific target to hit and attack it while limiting the risk of collateral damage. “I’d like to think there’s a lot of human intelligence and spy-craft that provides a really good view” to the government, said Amoroso. The experts warn of the risk of hacking back a non-responsible party due to a wrong attribution of the attack. Of course, every threat must be properly addressed, especially those that target the U.S. private sector daily. The three experts urge proper cyber hygiene to mitigate the risk of cyber attacks and limit the need to carry out hack backs.

https://securityaffairs.co/
