Dave Farber
2018-08-16 08:37:58 UTC
Date: August 16, 2018 at 15:13:53 GMT+9
Subject: [Dewayne-Net] Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
[Note: This item comes from reader Randall Head. DLH]
Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials Say
Blackouts could have been caused after the networks of trusted vendors were easily penetrated
By Rebecca Smith
Jul 23 2018
<https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110>
Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts, federal officials said. They said the campaign likely is continuing.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, “air-gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.
“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.
DHS has been warning utility executives with security clearances about the Russian group’s threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously.
It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.
Experts have been warning about the Russian threat for some time.
“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said Michael Carpenter, former deputy assistant secretary of defense, who now is a senior director at the Penn Biden Center at the University of Pennsylvania. “They are waging a covert war on the West.”
Russia has denied targeting critical infrastructure.
Mr. Homer said the cyberattack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.
The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.
Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks.
Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers “have to learn how to take the normal and make it abnormal” to cause disruptions, said Mr. Homer.
Their goal, he said: to disguise themselves as “the people who touch these systems on a daily basis.”
DHS is conducting the briefings—four are planned—hoping for more industry cooperation. One thing the agency is trying to learn is whether there are new infections, and whether the Russians have figured out ways to defeat security enhancements like multifactor authentication.
In addition, DHS is looking for evidence that the Russians are automating their attacks, which investigators worry could presage a large increase in hacking efforts. “To scale, they’re eventually going to have to automate,” Mr. Homer said.
[snip]
Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp