Advanced hackers are increasingly targeting specific government entities and high-risk industries, according to a joint report from the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI), released Friday.
The technical alert noted that certain government networks and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors were at risk of targeted advanced persistent threat (APT) actions. The threat activity is multi-stage, with attackers first targeting low-value networks in order to gain access and potentially move over to high-value networks later on, the report noted.
The risks have been identified, but they haven’t been stopped, the report said. According to the alert, “DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign.”
Some of the attacks began as early as May 2017, the report said. Others have led to network compromise, the report noted. For the energy sector, attacks in the past have ranged from cyberspying to physical service disruption.
Victims in these attacks can be either a staging target or an intended target. Companies such as third-party suppliers are initially targeted as staging targets. Once attackers gain access to a staging target's network, they pivot to attack the intended target and compromise its network, the report said.
The report also noted that the attackers used the following tactics in their attacks:
- Open source reconnaissance
- Spear-phishing emails
- Watering-hole domains
- Host-based exploitation
- Industrial control system (ICS) infrastructure targeting
- Ongoing credential gathering
With the potential for attacks in these sectors, employees in firms that serve these areas should be vigilant about potential attacks that fit this framework. DHS said that anyone who sees these kinds of attacks should report them to the department itself.
Further prevention, detection, and response suggestions are offered by TechRepublic columnist Gregory Michaelidis.
The 3 big takeaways for TechRepublic readers
- Cyberattacks are targeting government entities and companies that service critical manufacturing, along with the energy, nuclear, water, and aviation sectors, a joint DHS/FBI report said.
- The risks are ongoing, and the attackers are using a two-stage attack plan with staging and intended targets involved.
- Attackers are using techniques such as spear-phishing emails, watering-hole domains, host-based exploitation, and more.