Four new hacking groups targeting industrial systems have been detected over the past year, and cyber attackers are investing more in campaigns against industry and industrial control systems, including electric power, water, oil and gas, and manufacturing, to steal information and cause disruption.
The four new groups identified over the course of the past year, named by researchers as Stibnite, Talonite, Kamacite, and Vanadinite, are targeting industrial control systems.
Stibnite focuses on wind turbine companies that generate electric power in Azerbaijan, while Talonite almost exclusively focuses on attempting to gain access to electricity providers in the US.
Kamacite, which has links to the Sandworm group, has targeted the industrial operations of energy companies across North America and Europe.
Vanadinite conducts operations against energy, manufacturing and transport across North America, Europe, Australia and Asia, with a focus on information gathering and ICS compromise.
The more visibility we build in the OT space, the better we understand its threat landscape and the more of the adversaries active there we can identify. Defending OT networks against attack requires a different approach than traditional IT security.
Hackers combine this lack of visibility with the ability to hide in plain sight, abusing legitimate login credentials to move around the network. Campaigns targeting industrial systems involve phishing attacks or the exploitation of remote services, which allow the attackers to use real accounts to perform malicious activity while avoiding detection as suspicious.
This activity can have physical effects beyond the network environment, as recently demonstrated when a malicious hacker was able to modify the chemical properties of drinking water after compromising the network of the water treatment facility for the city of Oldsmar, Florida.
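Abuse of real accounts is hard to spot by looking at any single login, but it does leave a pattern: an account that suddenly arrives from a remote-access address it has never used and reaches far more hosts than it normally does. The following detector is an added example, not code from the article or from the researchers it cites; the log format, host names and account names are constructed for illustration, and the baseline/detection split and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log lines (not from any real environment).
# Assumed format: "<ISO timestamp> <account> <source host> <destination host> <result>"
BASELINE_LOG = """\
2021-03-01T08:02:11 eng_ops ws-eng-01 hmi-01 success
2021-03-01T08:05:40 eng_ops ws-eng-01 hmi-02 success
2021-03-02T09:10:03 eng_ops ws-eng-01 hmi-01 success
2021-03-02T14:22:19 historian_svc hist-01 plc-gw-01 success
2021-03-03T07:58:55 eng_ops ws-eng-01 hmi-02 success
"""

# Same account, now arriving via a remote-access pool and touching many hosts in minutes.
DETECTION_LOG = """\
2021-03-10T02:14:05 eng_ops vpn-pool-17 hmi-01 success
2021-03-10T02:15:31 eng_ops vpn-pool-17 hmi-02 success
2021-03-10T02:16:02 eng_ops vpn-pool-17 eng-ws-03 success
2021-03-10T02:17:44 eng_ops vpn-pool-17 plc-gw-01 success
2021-03-10T02:18:09 eng_ops vpn-pool-17 hist-01 success
2021-03-10T09:00:12 historian_svc hist-01 plc-gw-01 success
"""

def parse(log):
    """Turn log text into (timestamp, account, src, dst, result) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, account, src, dst, result = line.split()
        events.append((datetime.fromisoformat(ts), account, src, dst, result))
    return events

def build_baseline(events):
    """Record, per account, which (source, destination) pairs are normal."""
    seen = defaultdict(set)
    for _, account, src, dst, result in events:
        if result == "success":
            seen[account].add((src, dst))
    return seen

def detect(baseline, events, fan_out_threshold=3, window=timedelta(minutes=10)):
    """Flag successful logins that deviate from the baseline.

    Three signals: a source host never seen for the account, a destination host
    never seen for the account, and fan-out (one account reaching at least
    fan_out_threshold distinct hosts inside `window`). Each (account, host)
    novelty is reported once, not once per event.
    """
    alerts = []
    reported = set()
    per_account = defaultdict(list)
    for ts, account, src, dst, result in events:
        if result != "success":
            continue
        known_src = {s for s, _ in baseline.get(account, ())}
        known_dst = {d for _, d in baseline.get(account, ())}
        if src not in known_src and ("src", account, src) not in reported:
            reported.add(("src", account, src))
            alerts.append({"kind": "new_source", "account": account, "host": src, "at": ts})
        if dst not in known_dst and ("dst", account, dst) not in reported:
            reported.add(("dst", account, dst))
            alerts.append({"kind": "new_destination", "account": account, "host": dst, "at": ts})
        per_account[account].append((ts, dst))
    # Fan-out: slide a window over each account's logins and count distinct hosts.
    for account, items in per_account.items():
        items.sort()
        for start, _ in items:
            hosts = {d for t, d in items if start <= t <= start + window}
            if len(hosts) >= fan_out_threshold:
                alerts.append({"kind": "fan_out", "account": account,
                               "host": tuple(sorted(hosts)), "at": start})
                break
    return alerts

def run_demo():
    """Run the detector over the constructed logs and return the alerts."""
    baseline = build_baseline(parse(BASELINE_LOG))
    return detect(baseline, parse(DETECTION_LOG))

if __name__ == "__main__":
    for a in run_demo():
        print(a["kind"], a["account"], a["host"], a["at"])
```

On the constructed data the service account stays quiet and every alert lands on `eng_ops`: one new source, three destinations it had never reached, and a fan-out to five hosts in four minutes. None of those logins failed, which is the point; a detector keyed on failures alone would see nothing here.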
There are cybersecurity procedures that industrial organisations can undertake in order to boost visibility of their own networks and help protect systems from cyber intrusions.
Defence in depth to exercise control
Network Segmentation & Network Access Control
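Segmentation is only as good as the rule set that enforces it, and the quickest way to find out whether the IT-to-OT boundary holds is to replay exported flow records against the intended policy. The check below is an added example, not code from the article; the three-zone model (corporate IT, an OT DMZ, the control network), the address ranges and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport")

# Assumed three-zone model with constructed address ranges.
ZONES = {
    "it":  ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot":  ipaddress.ip_network("10.30.0.0/16"),
}

# Allow-list of (source zone, destination zone, protocol, destination port).
# Anything not listed is a violation: IT never talks to OT directly, and OT
# never reaches outside its own ranges except into the DMZ.
ALLOWED = {
    ("it",  "dmz", "tcp", 443),   # corporate users read the historian replica
    ("ot",  "dmz", "tcp", 8443),  # OT historian pushes data outward to the DMZ
    ("ot",  "ot",  "tcp", 502),   # Modbus/TCP stays inside the control network
}

def zone_of(ip):
    """Map an address to its zone; anything outside the known ranges is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def is_allowed(flow):
    """True only if the zone pair, protocol and port appear in the allow-list."""
    return (zone_of(flow.src), zone_of(flow.dst), flow.proto, flow.dport) in ALLOWED

def audit(flows):
    """Return the flows that violate the policy, tagged with their zone pair."""
    violations = []
    for f in flows:
        if not is_allowed(f):
            violations.append((f, zone_of(f.src), zone_of(f.dst)))
    return violations

# Constructed flow records, as a firewall or NetFlow collector might export them.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "10.20.0.10",  "tcp", 443),   # IT -> DMZ historian view: ok
    Flow("10.30.1.5",  "10.30.2.9",   "tcp", 502),   # HMI -> PLC inside OT: ok
    Flow("10.10.5.23", "10.30.2.9",   "tcp", 502),   # IT workstation straight to a PLC
    Flow("10.10.7.2",  "10.30.0.50",  "tcp", 3389),  # remote desktop from IT into OT
    Flow("10.30.1.5",  "10.20.0.10",  "tcp", 8443),  # OT -> DMZ data push: ok
    Flow("10.30.1.5",  "203.0.113.9", "udp", 53),    # OT host resolving names externally
]

def run_demo():
    return audit(SAMPLE_FLOWS)

if __name__ == "__main__":
    for flow, src_zone, dst_zone in run_demo():
        print(f"VIOLATION {src_zone}->{dst_zone}: "
              f"{flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

Three of the six constructed flows are flagged: two crossings straight from IT into the control network (one of them a remote-desktop session, the kind of remote service the article describes being exploited) and one OT host talking to an outside address. Running this against real flow exports is a cheap way to confirm that a segmentation diagram matches what the boundary devices actually pass.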