In an alert issued today, the US DHS and FBI described a “multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).” IT security experts commented below.
Ray DeMeo, Co-Founder and Chief Operating Officer at Virsec:
“It’s significant that US-CERT has specifically named the Russian government as being behind these attacks. It’s also startling to hear Secretary Perry say he is “not confident” that the US government has an adequate defensive strategy in place.
But these types of attacks are hardly new or surprising to security experts. There has been a huge increase in targeted reconnaissance, pivoting and stealthy attacks aimed at industrial control systems. We should expect nation-state hackers from multiple countries to be exploiting gaps in security, and our critical infrastructure is definitely vulnerable. We can’t wait for governments to act – every business touching sensitive or dangerous infrastructure needs to up their game in detecting advanced attacks and shutting them down as quickly as possible.”
Leo Taddeo, Former FBI Agent and Chief Information Security Officer at Cyxtera Technologies:
“The Technical Alert (TA) issued by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) is an important reminder that nation states are actively targeting US government entities and organizations dealing with critical infrastructure. The ability of adversaries to access a network and then move laterally is well developed. Traditional security tools, like firewalls, NAC and VPN, allow over-privileged access to resources – meaning once you’ve infiltrated the network, you can move unfettered throughout it.
“It’s well past the time for organizations to modernize their defenses. Technology based on a software defined perimeter (SDP), originally created by the Department of Defense, is designed to protect against these types of intrusions. The premise is that network access should be proportional to the security context the user presents at the time they’re trying to connect. Resources are only revealed on a need-to-know basis. Ultimately, each user’s access entitlements are dynamically altered based on identity, device, network, and application sensitivity. These are driven by easily configured policies. By aligning network access with application access, users remain fully productive, while the attack surface area is dramatically reduced. Traditional network security tools aren’t working – it’s simply too difficult and labour-intensive to attempt to solve.”
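The context-proportional access model Taddeo describes, as an added illustration that is not code from the article or from any SDP vendor: a small policy engine that reveals a resource only when the caller has a need to know for it and the device, MFA and network posture presented at connection time meet the tier its sensitivity demands. The resource names, roles and tier rules are constructed for the example.

```python
from dataclasses import dataclass

# Constructed example inventory: each resource carries a sensitivity tier and
# the roles with a need to know. Not any vendor's real schema.
RESOURCES = {
    "hr-portal":     {"sensitivity": "low",    "roles": {"staff", "ops", "ics-eng"}},
    "ops-dashboard": {"sensitivity": "medium", "roles": {"ops", "ics-eng"}},
    "ics-historian": {"sensitivity": "high",   "roles": {"ics-eng"}},
    "plc-jumphost":  {"sensitivity": "high",   "roles": {"ics-eng"}},
}


@dataclass
class Context:
    """Security context presented by a user at the moment of connecting."""
    user: str
    role: str
    mfa: bool
    device_managed: bool
    device_patched: bool
    network: str  # "corp", "vpn" or "unknown"


# Minimum posture per sensitivity tier; these are the "easily configured
# policies" and can be tightened without touching the engine.
TIER_RULES = {
    "low":    lambda c: True,
    "medium": lambda c: c.mfa and c.device_managed,
    "high":   lambda c: (c.mfa and c.device_managed and c.device_patched
                         and c.network == "corp"),
}


def entitlements(ctx: Context) -> dict:
    """Return only the resources this context may see, as {name: tier}.

    Entitlements are recomputed on every call, so a change in posture changes
    what is revealed. A foothold on the network is not itself an entitlement:
    a resource that is not returned is never exposed to the client.
    """
    allowed = {}
    for name, res in RESOURCES.items():
        if ctx.role not in res["roles"]:
            continue  # no need to know, regardless of posture
        if TIER_RULES[res["sensitivity"]](ctx):
            allowed[name] = res["sensitivity"]
    return allowed
```

The contrast with the flat-network model in the quote is the second case below: the same stolen identity on an unmanaged host with no MFA sees only the low-tier resource, so lateral movement towards the ICS-facing systems is not possible through this path.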