Tuesday, October 23, 2018

Cyberattacks Are Becoming A Greater Challenge




In a world increasingly connected by technology, we’re seeing more reports of cyberattacks on oil and gas and other energy-related industries as the number of entry points for hackers increases. Indeed, the U.S. Department of Homeland Security recently reported that Russian hackers had made it into the control rooms of U.S. electric utilities, gaining access to potentially cause harm to U.S. critical infrastructure.
Attacks like those and the recent shutdowns of U.S. natural gas pipelines ring alarm bells for all critical infrastructure industries, especially as they were foreshadowed by the 2017 NotPetya and CrashOverride/Industroyer malware attacks, which compromised electric power grids in Ukraine. Possible motives for those attacks included geopolitical tensions and a desire to demonstrate one nation’s ability to disrupt another by shutting down operations and damaging physical equipment.
Similarly, one Russian group, BLACK GHOST KNIFEFISH (aka Dragonfly), has already targeted oil, natural gas and energy production firms, among others. The goal: reconnaissance to figure out how to manipulate control systems and test the response to an attack aimed at bypassing industrial safety systems and disrupting operations or damaging facilities.

Accenture Security’s iDefense threat intelligence group believes this campaign against critical infrastructure and key resources, such as aviation, electric, water, and other facilities, will very likely continue. We predict that BLACK GHOST KNIFEFISH will attempt to retain or re-establish persistent backdoor access to victim industrial control systems with the intended goal of being able to disrupt, degrade, or destroy the operation of those critical infrastructures at will.
In Iran, Accenture’s threat intelligence analysts believe that because of political tensions stemming from the possible abolishment of the country’s nuclear agreement, the Islamic Revolutionary Guard Corps (IRGC) Cyber Command is highly likely to resurrect its cyber threat activity against organizations in multiple industries, including energy.

Right in the cross-hairs of hackers’ sights is the oil and gas industry, slowly digitizing its IIoT (Industrial Internet of Things) systems. In fact, two-thirds of oil and gas IT managers said digitization has made them more vulnerable to security compromises, according to our recent Cyber Threatscape Report 2018.

With the high number of entry points along the energy value chain, the rise of IIoT, and the potential damage or disruption that a cyber incident could inflict on the security and economy of any oil-producing country, the oil and gas industry will continue to be attractive to hackers.
Oil and gas companies should go far beyond their annual attack and penetration testing: they should engage a firm to provide adversary attack simulation services and threat hunting, and acquire threat intelligence focused on their most critical assets. Accenture’s approach for these sorts of solutions is to perform reconnaissance of an energy company, gain access to systems and navigate to critical operational technology and ICS (industrial control) systems. We then educate that company on how and where we should have been stopped. This helps the firm to become better prepared for an actual attack by sparring with a “Red Team” adversary whose only purpose is to educate.
As potential gains in reducing energy operations and business costs through automation continue to emerge, IT and OT convergence will further grow throughout the energy value chain, despite the potential increase in security vulnerabilities to the IT and OT environments.
In our recent study, only 13 percent of organizations consider future threats when drawing up their security budgets. These responses point to a clear need for more effective use of actionable threat intelligence.
So, it’s vital that companies in these industries act now to improve and scale cybersecurity capabilities.
To mitigate these risks, here are three ways to help guard against cyber threats:

  • Don’t wait until a breach happens. Establish a routine engagement for threat hunting teams to examine networks and ensure all traffic is being actively monitored to detect anomalies.
  • Adopt a continuous response model. Conduct table top exercises or other active training to ensure employees, first responders and senior executives understand their role in response to a breach. Create an incident response plan if one does not exist and test it regularly.
  • Enhance your threat-intelligence capabilities through advanced data analytics. Anticipate risks and adopt a more proactive approach to defensive strategies through the utilization of actionable threat intelligence.
