A cyberthreat group using malware tied to the Sony Pictures hack of late 2014 is attacking nuclear, defense, energy, and financial companies in what appears to be a campaign to gather information for future exploitation. In October and November alone, the malware has appeared on systems belonging to at least 87 organizations, most of them in the US, McAfee said in a report this week.
Sam Curry, Chief Security Officer at Cybereason:
“For the last decade, utilities and power companies have been among the least well protected of all critical infrastructure providers; and this is only now changing as regulations and attention are increasing. It should be expected that cyber criminals will always look for assets, both identity and bot resources; and nation states will always look to expand their influence and reach, grow their exploit stockpiles and hone their skills. It should come as no surprise that the high value and poorly defended sectors get the attention, and that puts utilities and energy in the cross hairs alongside the traditional target of financial services.
However, simply applying Occam’s Razor when a campaign is exposed is dangerous, especially when well known, older tools are in use. False flag operations abound, and it’s customary to cover tracks and use tools that are commonly attributed to others. Using RC4 for encryption or Duuzer as a Trojan is far from a smoking gun in Rising Sun as these have been around for over 3 years.
The name of the game has to be to both reduce the attack surface and exposure and engage in advanced detection. Reasons for Rising Sun range from a going-out-of-business sale use of old code to diversion or distraction attacks and from false flag operations to incriminate others to legitimate operations to catch as many assets before critical infrastructure further forts up. The bottom line is that the good old days of stale security are numbered, and the laggards need to improve the state of security now to avoid the wave of attacks that may come from attackers having trouble against their better protected, traditional targets.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.