Wednesday, July 2, 2014

Russian Hackers.....

Russian Hackers target Oil and Gas –

“In this attack, instead of targeting a victim’s computer network directly, hackers infect websites their targets visit often — like an online menu for a Chinese restaurant — with malicious software. Without knowing it, workers visiting that site inadvertently download the so-called malware and help the hackers get inside their computer network.”

“The Russian hackers were careful to cover their tracks, the researchers said. They hid their malware using encryption techniques that made it difficult to identify their tools and where they came from. In some cases, researchers found evidence that the hackers were probing the core of victims’ machines, the part of the computer known as the BIOS, or basic input/output system. Unlike software, which can be patched and updated, once a computer’s hardware gets infected, it typically becomes unusable.”

“The Russian hackers have been breaking into the networks of industrial control software, or I.C.S., makers, inserting so-called Trojans into the software used by many oil and energy firms to allow employees to remotely get access to industrial control systems. So when oil and gas companies downloaded the latest version of the software, they inadvertently downloaded the hackers’ malware as well.”

“Security researchers estimate that more than 250 companies downloaded the infected software updates.”

“These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected I.C.S. computers,”

“There was no evidence the Russian group intended to use its toehold in some networks to inflict damage, like blowing up an oil rig or power facility, said Kevin Haley, the director of security response at Symantec, in an interview. The apparent motive, Mr. Haley said, was to learn more about energy companies’ operations, strategic plans and technology. “But the potential for sabotage is there,” he added.”

“More recently, Energetic Bear has been targeting companies in the financial sector, said Adam Meyers, CrowdStrike’s head of threat intelligence. In particular, the group has been attacking, with the watering hole technique, some websites frequented by firms that invest in the energy sector.”

“Once someone visits an infected site, Mr. Meyers said, attackers will infect their system, scan their device to see if it is worth hacking, and then install sophisticated hacking tools. For devices deemed uninteresting, the attackers simply clean up their tools and move along.”

“They are very aggressive,” Mr. Meyers said. “And very careful to cover their tracks.”

http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html?_r=0#
