Phishing and Malware Attacks on American Infrastructure

Enterprise networks throughout the United States are experiencing an escalation of phishing and malware attacks orchestrated by technologically advanced criminal groups around the world. With the intent of stealing data, profiting financially, and degrading American infrastructure, multiple sectors have been increasingly suffering single-day bulk attacks of phishing emails containing malware.

However, the energy and utilities sector is of particular importance in the U.S.: the grid is aging, and any cyberattack against it is likely to be disastrous for people and communities. According to Governing, legislation has been introduced in the House of Representatives to address these concerns.

“The Grid Modernization Research and Development Act of 2019, or House Resolution 5428,” Governing writes, “would establish a research program to secure the nation's power grid in the event of natural disasters and cyberthreats while boosting emergency response times to such incidents.”

Phishing Reports in Threat Intelligence Research

Research from Mimecast’s Quarterly Threat Report showed that in the United States in September 2019, a campaign against the energy and utilities sector comprised more than 12,000 detections, concentrated on one company in particular. The majority of the detections were RAR-based and included fraudulently branded courier delivery emails, indicating the attackers leaned heavily on phishing tactics.

The research also highlighted how these cybercriminal groups tend to use compressed ZIP and RAR files carrying significant Trojan threats such as Hawkeye, Nanocore, and Lokibot. These compressed files are common in email, meaning users are less likely to question their appearance. Trojan attack vectors can cause considerable damage to their targets, and when these targets are energy and utility systems, the impact can present grave risks to national security and welfare.

“The U.S. electrical grid is the largest unified network in the world,” Christy Scuttles, business and energy reporter, told Governing, “connecting power lines and generating plants to factories, homes and businesses.”

Deloitte’s 2020 Power and Utilities Outlook noted that natural disasters hit particularly hard in 2019, continuing a pattern that signals the need for greater utility planning. At the same time, cyberattacks on the electric grid have increased and become more targeted in recent years, requiring power companies to continue fortifying their defenses. 

This research comes at a time when criminal groups have become more organized, more skilled, and in some cases state-sponsored, demonstrating a high probability that cyberattacks against utilities will intensify in complexity and scale as long as they remain economically and politically profitable to the actors in question.

Unfortunately, phishing and malware programs are some of the easiest and cheapest attacks to carry out, available for as little as $45 USD, which highlights the importance of an effective cyber defense system. Mimecast’s Quarterly Threat Report’s insights indicate the most common malware vectors used in recent months were malware programs within compressed ZIP and RAR files transferred by mass phishing emails, taking advantage of employee trust to ensure the engagement necessary for these programs to penetrate the network.

Once opened, more serious trojan programs like Hawkeye install, spying on clipboard data, keystrokes, login credentials, and licensing information. Nanocore, another trojan, functions as a remote access tool, allowing the attacker to collect information, steal money, and prevent anti-virus software from functioning. Primarily targeting smartphone banking information, Lokibot also hitches a ride within these seemingly innocuous attachments, settling into the core operating system to appropriate root privileges. Fileless malware has also become more popular, exploiting credible platforms and leaving virtually no trace for security engineers to follow.

Though these methods are pervasive, secure email makes it possible to stop attacks before they reach their target audience. Awareness training for employees can also reduce how often these attacks succeed. Though fileless attacks are difficult to find and destroy once active, obfuscation techniques, advanced deep parsing, and code analysis of each platform file can aid in removing them. These types of attacks won’t be ceasing anytime soon, so it’s paramount to ensure best practices within a network, or otherwise risk a breach that can compromise private data, finances, and overall system functionality.
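As an added illustration (not code from the original article or from Mimecast), the following Python script shows how a mail gateway could apply the kind of deep parsing described above to inbound attachments: it identifies ZIP and RAR attachments by their magic bytes and, for ZIPs, flags encrypted or executable members before a user ever sees the "courier delivery" lure. The sample message, the archive member name and the extension list are constructed for this example.

```python
import email, io, zipfile
from email.message import EmailMessage

# Magic bytes of the two archive formats the report names as the common carriers.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}
# Member extensions that should never arrive inside a "delivery notice" (assumed list).
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd", ".ps1", ".dll")

def classify_attachment(name, data):
    """Findings for one attachment; an empty list means it is not a ZIP/RAR archive."""
    kind = next((k for m, k in ARCHIVE_MAGIC.items() if data.startswith(m)), None)
    if kind is None:
        return []
    findings = [f"{name}: {kind} archive attachment"]
    if kind == "rar":  # no stdlib RAR parser: hand it to a sandbox instead of guessing
        findings.append(f"{name}: RAR archive, route to sandbox")
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0 set = member is encrypted
                    findings.append(f"{name}: encrypted member {info.filename}")
                if info.filename.lower().endswith(RISKY_EXT):
                    findings.append(f"{name}: executable member {info.filename}")
    except zipfile.BadZipFile:
        findings.append(f"{name}: malformed zip (possible parser evasion)")
    return findings

def scan_message(raw):
    """Walk a raw RFC 822 message and classify every attachment part."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_disposition() == "attachment":
            payload = part.get_payload(decode=True) or b""
            findings += classify_attachment(part.get_filename() or "(unnamed)", payload)
    return findings

def build_sample():
    """Constructed lure: a fake delivery notice carrying a zip with an .exe inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Delivery_Notice_4471.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("Please open the attached delivery notice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Delivery_Notice.zip")
    return msg.as_bytes()
```

Running `scan_message(build_sample())` reports the archive and the executable member; a real gateway would quarantine on either finding and send RAR or encrypted archives to detonation.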

Malware via Phishing in the Wild

Research on the topic has generally found malware-via-phishing attacks primarily focus on traditional assets, such as email accounts, web servers and browsers. For example, according to the InfoSec Institute’s cybersecurity expert Tyra Appleby: “An attacker will use a phishing email, website, text message or even a phone call to trick a victim into providing information ‘voluntarily’ or into clicking a malicious link that will redirect them to a nefarious website or download malicious software.”

Though these vectors are usually standard infections which can’t cause physical disruptions, they may serve as reconnaissance methods for more nefarious projects by criminal organizations.

Defending sensitive information, assets, and processes is crucial to maintaining the American infrastructure framework when debilitating events do happen. A dam site compromised by a malware breach could flood large swaths of river valleys where thousands of Americans reside. Disruption of a sewage plant would present a health risk to entire regions of the United States, and take monumental funding to manage cleanup. There is potential for grievous consequences when electricity grids experience severe cyberattacks, which have been shown to disable industrial safety systems of oil, gas, and nuclear facilities. The stakes will continue to grow higher in the coming years as hackers mimic potentially fatal programs like Triton and apply them to new objectives.

“There is a high probability that risks to American infrastructure and sectors will expand in speed and intensity as the aggression of criminal groups and state-sponsored actors expands,” states Carl Wearn, head of E-Crime at Mimecast. “By deploying cheap, bulk attacks like phishing emails containing malware-infested files, they have the advantage – the cost to profit ratio is firmly in their corner.”

U.S. organizations and companies can take preventative measures, such as secure email and awareness training for employees, but organizations must uphold them consistently to defend against the barrage of threat vectors prowling the cyber landscape.
