Last week the German Federal Office for Information Security (BSI) disclosed a cyber-attack on a steel plant, resulting in abnormal shut down of a large blast furnace and causing a serious failure of its system.
The campaign involved email which targeted specific individuals, misleading them into clicking on bogus links and providing hackers with login credentials. They were then able to access the plant’s networks and infiltrate its production systems.
The BSI report said that the attackers were highly skilled, using social engineering and network administration knowledge to circumvent IT security and specialized software designed to prevent such attacks. The responsible parties and their motives are unclear, and the name of the victimized plant was not revealed.
The sophistication of the criminals, who used very convincing and specific personal information in targeted email, is what we can expect in future campaigns. The technical capabilities of today’s bad actors to do damage once they have gained access have surpassed the amateurish hackers of the past.
Phishing continues to be the most common method by which hackers get into networks. EdgeWave’s Military Grade email security and web security systems provide a combination of expert human analysis and the strongest automated intelligence on the market to keep your network safe from hackers both internal and external to your organization. Read more about Military Grade cyber defense at www.edgewave.com.
The US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on December 10 regarding an ongoing sophisticated malware campaign compromising ICS using a variant of the BlackEnergy malware. Read more here: https://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-281-01B