Comment: Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems

It has been reported that one of Iran’s most active hacker groups appears to have shifted focus. Rather than just standard IT networks, they’re targeting the physical control systems used in electric utilities, manufacturing, and oil refineries. At the CyberwarCon conference today, a Microsoft security researcher plans to present new findings that show this shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin.


EXPERTS COMMENTS
Raphael Reich, Vice President, CyCognito
November 23, 2019
Finding and eliminating this shadow risk is a prerequisite to keeping attackers out of organizations.
In today's hyperconnected world, discovering attack vectors such as software vulnerabilities means first discovering all of the assets in an organization's attacker-exposed IT ecosystem. But, many of these assets and their associated risks lurk in the shadows because they are unmanaged by the organization itself. Instead, the assets belong to cloud providers, partners, subsidiaries, etc. Finding a ....
Javvad Malik, Security Awareness Advocate, KnowBe4
November 23, 2019
A strong security culture can help protect against attacks through phishing.
Aside from something with criminals attacking companies for financial gain, there are state-sponsored and other groups engaged in espionage against specific industries and the automotive industry is no exception. While the FBI has not offered details in its report, it is clear that these criminal actors often gain access through phishing emails or by compromising weak credentials. As such, user ....
Moreno Carullo, Co-founder and CTO, Nozomi Networks
November 23, 2019
Governments and critical infrastructure organisations should absolutely be worried about these threats.
Governments and critical infrastructure organisations should absolutely be worried about these threats. As the lines between IT and OT become more and more blurry, cybercriminals and nation states are realising that targeting these critical OT systems can cause huge damage, especially if their end goal is chaos and disarray. Because utilities offer critical services, it will increasingly make them ....
Stuart Sharp, VP of Solution Engineering, OneLogin
November 23, 2019
Modern SSO methods can protect against account lockout by offering passwordless login flows.
MFA is always the first line of defence against automated password attacks. This should be combined with enforcing strong password policies, and ideally checking passwords against known breached credentials. But even if APT33 does not succeed in accessing your environment, it can still cause damage - the side effect of password spray attacks is that accounts are locked due to too many failed pass ....
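A defender-side illustration of the lockout side effect described in the comment above, added here and not part of Stuart Sharp's comment or the article: a small detector run over constructed authentication log lines that flags a spray (one source, many accounts, few tries each) separately from the accounts the spray pushes toward lockout. The log format, IP addresses and account names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article), "<ISO time> <source> <account> <result>":
# 203.0.113.7 sprays one password across accounts; 198.51.100.9 hammers a single account.
SAMPLE_LOG = """\
2019-11-22T08:00:01Z 203.0.113.7 alice FAIL
2019-11-22T08:00:02Z 203.0.113.7 bob FAIL
2019-11-22T08:00:03Z 203.0.113.7 carol FAIL
2019-11-22T08:00:04Z 203.0.113.7 dave FAIL
2019-11-22T08:05:00Z 198.51.100.9 alice FAIL
2019-11-22T08:05:01Z 198.51.100.9 alice FAIL
2019-11-22T08:05:02Z 198.51.100.9 alice FAIL
2019-11-22T09:30:00Z 192.0.2.44 bob OK
"""

def parse_log(text):
    """Parse the constructed format into (time, source, account, result) tuples."""
    rows = (line.split() for line in text.splitlines())
    return [(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, acct, res) for ts, src, acct, res in rows]

def _group_failures(events, by):
    """Group FAIL events by source (by=1) or account (by=2), each group sorted by time."""
    groups = defaultdict(list)
    for ev in events:
        if ev[3] == "FAIL":
            groups[ev[by]].append(ev)
    return {k: sorted(v) for k, v in groups.items()}

def _window_slices(fails, window):
    """Yield the events that fall within `window` after each failure, in turn."""
    for i, start in enumerate(fails):
        yield [ev for ev in fails[i:] if ev[0] - start[0] <= window]

def detect_spray(events, window=timedelta(minutes=10), min_accounts=4):
    """Sources failing against >= min_accounts distinct accounts in one window:
    sprays are wide and shallow, so per-account lockout rules alone miss them."""
    flagged = {}
    for src, fails in _group_failures(events, 1).items():
        for win in _window_slices(fails, window):
            accts = {ev[2] for ev in win}
            if len(accts) >= min_accounts:
                flagged[src] = sorted(accts)
                break
    return flagged

def lockout_risk(events, window=timedelta(minutes=10), threshold=4):
    """Accounts whose failures in one window reach the lockout threshold, the
    denial-of-service side effect of a spray, regardless of which sources sent them."""
    return {acct: n for acct, fails in _group_failures(events, 2).items()
            if (n := max(len(w) for w in _window_slices(fails, window))) >= threshold}
```

Pivoting on the source catches the spray even when no single account crosses its threshold, while the per-account view shows which users will be locked out as collateral.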
Martin Jartelius, CSO, Outpost24
November 23, 2019
This is of course a risk and shows again that the use of multi-factor authentication is a good precaution.
Partially, the attacks as described below are crude and loud, but they seem to work. This is of course a risk and shows again that the use of multi-factor authentication is a good precaution. Anyone operating ICS networks should be careful, and worried, about the security of those devices. The worst cases are when they are exposed in such a manner that they can be reached from the internet or from ....
Adam Laub, CMO, STEALTHbits Technologies
November 23, 2019
APT33’s or any other group’s focus on manufacturers and ICS-related industries.
Sadly, one can only hope - at least for the time being - that APT33’s or any other group’s focus on manufacturers and ICS-related industries is limited to reconnaissance and espionage. The damage of identity or IP theft would pale in comparison to the catastrophic failure of a power plant in the dead of winter or any number of unthinkable scenarios. In a world where the general public has ....
Ray DeMeo, Co-Founder and COO, Virsec
November 22, 2019
The ICS industry needs a serious wakeup call to take these threats more seriously.
There’s a common misconception that OT systems are less vulnerable to attack than IT systems. It’s not necessary to hack physical equipment to cause disruption or damage to industrial equipment. The control systems (SCADA and others) are largely run on conventional Windows machines and vulnerable to a wide range of external, supply chain and insider attacks. We’ve seen repeatedly, with attack ....
Sam Curry, Chief Security Officer, Cybereason
November 22, 2019
If you want to hamstring a country, drive trade concessions, win at the diplomacy table or amass power for strategic gains.
Microsoft's research into APT33's recent targeting of industrial control systems reminds us that in the great cyber game, it’s about using peacetime to build “optionality”; amass assets, resources and access. The Iranian cyber forces are masters of this, and seeing increases in the cold war that is cyber conflict, it makes sense that they would continue to grow what’s worked in the past: e ....
