Iran’s elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week. The country’s APT33 cyberattack unit is evolving beyond simply scrubbing data on its victims’ networks and now wants to take over its targets’ physical infrastructure by manipulating industrial control systems (ICS), say reports.
APT33, also known by the names Holmium, Refined Kitten, or Elfin, has focused heavily on destroying its victims’ data in the past. Now, though, the group has changed tack, according to Ned Moran, principal program manager at Microsoft, who spoke at the CYBERWARCON conference in Arlington, Virginia on Thursday. Moran, who is also a fellow with the University of Toronto’s Citizen Lab focusing on security and information technologies, works on identifying and disrupting state-sponsored attackers in the Middle East.
The APT33 group is closely associated with Shamoon malware that wipes data from its targets’ systems. Experts have also warned of other tools in the group’s arsenal, including a data destruction tool called StoneDrill and a piece of backdoor software called TURNEDUP.
Moran said that APT33 used to use ‘password spraying’ attacks, in which it would try a few common passwords on accounts across lots of organisations. More recently, though, it has refined its efforts, ‘sharpening the spear’ by attacking ten times as many accounts per organisation while shrinking the number of organisations it targets. It has also focused heavily on ICS manufacturers, suppliers and maintainers, Moran said.
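A defender-side sketch of how that pattern shows up in sign-in logs: one source failing against many accounts in a single organisation, with only a few guesses per account, which is what separates spraying from brute-forcing one account. This is an added example, not from the original article or from Microsoft; the event format, the thresholds and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values; adjust to the environment's normal failure rate.
WINDOW = timedelta(minutes=30)
MIN_ACCOUNTS = 5             # distinct accounts failing from one source
MAX_TRIES_PER_ACCOUNT = 3    # spraying stays under lockout thresholds

def build_sample_events():
    """Constructed sign-in events: (time, tenant, source IP, account, outcome)."""
    t0 = datetime(2019, 11, 21, 9, 0)
    events = []
    for i in range(8):       # spray: 8 accounts in one tenant, 2 guesses each
        for j in range(2):
            events.append((t0 + timedelta(minutes=3 * i + j), "tenant-a",
                           "203.0.113.10", f"user{i}", "FAIL"))
    for j in range(12):      # brute force: 12 guesses against one account
        events.append((t0 + timedelta(minutes=j), "tenant-b",
                       "198.51.100.7", "admin", "FAIL"))
    # Ordinary user mistyping a password once, then signing in.
    events.append((t0, "tenant-a", "192.0.2.5", "user3", "FAIL"))
    events.append((t0 + timedelta(minutes=1), "tenant-a", "192.0.2.5", "user3", "OK"))
    return events

def detect_spray(events):
    """Return (tenant, source, distinct accounts, max tries per account)."""
    failures = defaultdict(list)
    for ts, tenant, src, account, outcome in events:
        if outcome == "FAIL":
            failures[(tenant, src)].append((ts, account))
    findings = []
    for (tenant, src), fails in sorted(failures.items()):
        fails.sort()
        best, start = None, 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > WINDOW:
                start += 1   # slide the window forward
            tries = defaultdict(int)
            for _, account in fails[start:end + 1]:
                tries[account] += 1
            breadth, depth = len(tries), max(tries.values())
            if (breadth >= MIN_ACCOUNTS and depth <= MAX_TRIES_PER_ACCOUNT
                    and (best is None or breadth > best[2])):
                best = (tenant, src, breadth, depth)
        if best:
            findings.append(best)
    return findings

if __name__ == "__main__":
    for finding in detect_spray(build_sample_events()):
        print(finding)
```

Grouping by organisation as well as source matters here: a campaign that concentrates on more accounts within fewer organisations raises the per-tenant account count that this check measures.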
Of course, Iran isn’t the only country accused of using malware to target and subvert industrial control systems. US-CERT has previously warned that groups “active in benefiting” both Russia and North Korea have been taking aim at US critical infrastructure.
More recently, the US admitted to a retaliatory cyberattack against Iran following allegations that the Middle Eastern country shot down US drones and interfered with oil tankers during the summer.
It’s not difficult to see why industrial control systems are a tempting target for groups looking to cause maximum disruption, and US cybersecurity chiefs have been warning of a potential “digital Pearl Harbor” for almost 20 years.
The problem of putting up adequate defences has been compounded by a historical lack of attention to security. Writing in 2016, Naked Security’s Chester Wisniewski described how history had caught up with industrial control systems designed for an earlier, less-connected age:
from Naked Security https://ift.tt/2XCNFVS