Cybereason, creators of the leading cybersecurity AI Hunting Platform, unveiled results of its newest honeypot project looking at intrusion attempts against industrial control system (ICS) environments in the energy sector.
Titled ‘ICS Threat Broadens: Nation-State Hackers Are No Longer The Only Game In Town,’ Cybereason’s report is first-of-its-kind research looking at the tactics, techniques and procedures used by a broadening group of threat actors to infiltrate energy companies. The findings revealed that the energy sector is now an attractive market for less skilled hackers, and we cannot assume nation-state attackers from countries such as China, Russia, North Korea and Iran are exclusively behind ICS attacks.
“Unlike other attackers who buy and sell access to compromised networks, the adversaries who purchased access to the ICS honeypot showed no interest in partaking in more generic and less targeted activity like running botnets for cryptomining, spamming and launching DDoS attacks,” said Israel Barak, Cybereason’s CISO.
Cybereason’s research comes on the heels of a recent report that Russian hackers have gained access to control rooms at power plants across the United States. In addition, the Department of Energy has scheduled a tabletop exercise this fall to test the readiness of the power grid to bounce back from a blackout caused by hackers.
“The biggest lesson learned from the honeypot is that multiple tiers of attackers find ICS environments interesting. That’s increasing risk for people who operate those types of systems. The security basics are really what’s going to prevent a bad day from becoming a catastrophic day,” said Ross Rustici, senior director, intelligence services, Cybereason.
Cybereason successfully launched another honeypot earlier this year targeting the financial services industry. In that project, dubbed ‘Operation Honeypot,’ researchers learned that cyber criminals are using automated bots to support crimes such as spam campaigns, data mining and multi-purpose breaches that lay the foundation for human attackers to extract data and intellectual property.