Criminals Target American Infrastructure with Phishing and Malware

Enterprise networks throughout the United States are experiencing an escalation of phishing and malware attacks orchestrated by technologically advanced criminal groups around the world. With the intent of stealing data, profiting financially, and degrading American infrastructures, multiple sectors have been increasingly suffering single-day bulk attacks of phishing emails containing malware. 

However, the energy and utilities sector are of particular importance in the U.S., the grid is aging, and any cyberattack against it is likely to be disastrous for people and communities. According to Governing, legislation has been introduced in the House of Representatives to address these concerns. 

“The Grid Modernization Research and Development Act of 2019, or House Resolution 5428,” Governing writes, “would establish a research program to secure the nation's power grid in the event of natural disasters and cyberthreats while boosting emergency response times to such incidents.” 

Phishing Reports in Threat Intelligence Research

Research from Mimecast’s Quarterly Threat Report showed that in the United States in September 2019, a campaign against the energy and utilities sector comprised more than 12,000 detections; one company in particular was attacked. The majority of the detections were RAR-based and included fraudulently branded courier delivery emails, indicating the attackers leaned heavily on phishing tactics. 

The research also highlighted how these cybercriminal groups tend to use compressed ZIP and RAR files carrying significant Trojan threats such as Hawkeye, Nanocore, and Lokibot – these compression files are common in email, meaning users are less likely to question their appearance. Trojan attack vectors can cause considerable damage to their targets, and when these targets are energy and utility systems, the impact can present grave risks to national security and welfare. 

“The U.S. electrical grid is the largest unified network in the world,” Christy Scuttles, business and energy reporter, told Governing.“ Connecting power lines and generating plants to factories, homes and businesses.” 

Deloitte’s 2020 Power and Utilities Outlook noted that natural disasters hit particularly hard in 2019, continuing a pattern that signals the need for greater utility planning. At the same time, cyberattacks on the electric grid have increased and become more targeted in recent years, requiring power companies to continue fortifying their defenses.

This research comes at a time when criminal groups have become even more organized, skilled, and even state-sponsored, demonstrating a high probability that cyberattacks against utilities will intensify in complexity and scale as long as they remain economically and politically profitable to the actors in question. 

Unfortunately, phishing and malware programs are some of the easiest and cheapest to enact, available for as little as $45 USD, which highlights the importance of an operative cyber defense system.  Mimecast’s Quarterly Threat Report’s insights indicate the most common malware vectors used in recent months were malware programs within compressed ZIP and RAR files transferred by mass phishing emails, taking advantage of employee trust to ensure the engagement necessary for these viruses to penetrate the network. 

Once opened, more serious trojan programs like Hawkeye install, spying on clipboard data, keystrokes, login credentials, and licensing information. Nanocore, another trojan, functions as a remote access tool, allowing the attacker to collect information, steal money, and prevent anti-virus software from functioning. Primarily targeting smart phone device banking information, Lokibot also hitches a ride within these seemingly innocuous attachments, settling into the core operation system to appropriate root privileges. Fileless malware has also become more popular, exploiting credible platforms and leaving virtually no trace for security engineers to follow. 

Though these methods are pervasive, secure email makes it possible to stop attacks before they reach their target audience. Awareness training of employees can also have a positive effect on the penetrative success of these attacks. Though fileless attacks are difficult to find and destroy once active, obfuscation techniques, advanced deep parsing, and code analysis of each platform file can aid in removing them. These types of attacks won’t be ceasing anytime soon, so it’s paramount to ensure best practices within a network, or otherwise risk a breach that can compromise private data, finances, and overall system functionality.

Malware via Phishing in the Wild

Research on the topic has generally found malware-via-phishing attacks primarily focus on traditional assets, such as email accounts, web servers and browsers. For example, according to the InfoSec Institute’s cybersecurity expert Tyra Appleby, “An attacker will use a phishing email, website, text message or even a phone call to trick a victim into providing information ‘voluntarily’ or into clicking a malicious link that will redirect them to a nefarious website or download malicious software.”

Though these vectors are usually standard infections which can’t cause physical disruptions, they may serve as reconnaissance methods for more nefarious projects by criminal organizations. 

Defending sensitive information, assets, and processes is crucial to maintaining the American infrastructure framework when debilitating events do happen. A damsite compromised by a malware breach could flood large swaths of river valleys where thousands of Americans reside. Disruption of a sewage plant would present a health risk to entire regions of the United States, and take monumental funding to manage cleanup. There is potential for grievous consequences when electricity grids experience severe cyberattacks, which have been shown to disable industrial safety systems of oil, gas, and nuclear facilities. The stakes will continue to grow higher in the coming years as hackers mimic potentially fatal programs like Triton and apply them to new objectives. 

“There is a high probability that risks to American infrastructure and sectors will expand in speed and intensity as the aggression of criminal groups and state-sponsored actors expands,” states Carl Wearn, head of E-Crime at Mimecast. “By deploying cheap, bulk attacks like phishing emails containing malware-infested files, they have the advantage – the cost to profit ratio is firmly in their corner.”

U.S organizations and companies can take preventative measures, such as secure email and awareness trainings for employees, but organizations must uphold them consistently to defend against the barrage of threat vectors prowling the cyber landscape.