Email-borne attacks come in various shapes and sizes: phishing, spear phishing, Trojans, malicious attachments, hidden scripts and more. While most have evil intentions, some are more sinister than others.
In 2014 a steel plant in Germany was attacked by a group of unknown hackers. The attackers were targeting Industrial Control Systems (ICS), with what appears to be the objective of damaging the company’s productivity. The attackers were able to cause “massive damage to the system” according to one report. Though the hackers appear to have relied on some very specialized malware designed with ICS targeting built in, they gained their initial access via a fairly basic spear phishing attack.
The volume of malicious email has exploded over the past few years, and the number of malware variants designed specifically to target Industrial Control Systems has grown along with it. Meanwhile, phishing/spear phishing has remained a popular attack vector for malicious actors trying to gain that initial access to an organization. Once they are inside an organization and have established a back door, the attackers can further infect the target with these sorts of specialized malware that can take control of things like ICS.
For example, the Dragonfly group compromised multiple companies in the energy sector, often using a remote access trojan dubbed Havex, in the summer of 2013. These infections originated with targeted emails to one or more people at a given organization. Once inside, the attackers were able to implant their trojan inside software that was available for download on these companies' websites, potentially compromising ICS that were currently in use. These malicious assets could have later been used for much more sinister purposes.
So why is hacking against ICS so concerning? ICS include things like Energy Management Systems, Distributed Control Systems, Instrument Control, Building Automation, Programmable Logic Controllers, etc. These are the systems that control utilities from power grids to drinking water, and everything from safety systems to manufacturing plants, just to name a few. In other words, there is a great deal of damage that can be done by attacking ICS.
These types of attacks will prove to be more complex and more frequent going forward as automation continues to expand across the globe. ICS will be targeted by for-profit hacking groups as well as by attacks initiated by nation states. We can expect to see these attacks against business and government entities and utilities alike.
While there is no cure-all that will put an end to these attacks, security professionals can focus on shrinking the attack surface. We know that attackers often use spear phishing as an initial infection vector to ultimately gain access to internal networks. So, organizations can reduce their odds of being attacked by using an intelligent email security solution and educating their users on best practices for IT security. After all, most employees don’t realize that it only takes one entry point for an entire network to become compromised.
Other tips to shore up your defenses include:
- Hackers often leverage vulnerabilities in outdated software. That’s why Web browsers and third-party software must be kept up to date.
- Keep a healthy level of skepticism when reading unsolicited email. Never click on its links or attachments.
- Foster a work environment that rewards honesty. Once a company’s perimeter has been breached, reaction time plays a critical role in mitigating the damage. Employees should not be afraid of facing repercussions if they’ve fallen victim to an attack. Instead, they should be encouraged to inform their IT Department straight away.