Hundreds of industrial companies are currently the targets of cyber-espionage activity from an advanced threat actor. The adversary uses a new version of an older info-stealer to extract sensitive data and files. The attacker uses spear-phishing emails with malicious attachments often disguised as PDF files. Separ is the malware of choice, which steals login data from browsers and email clients, also hunting for various types of documents and images.
The attacks on critical infrastructure and OT (operational technology) systems is relentless. I hope that a New Year’s resolution from plant owners and operators will be to embrace this risk and address it in a proportionate way before then end of 2020.
This kind of activity, likely perpetuated by a nation-state or serious organised crime group with the funds and man power to undergo such an operation, is an example of how enterprises need to protect themselves in ways unimaginable in the past; Industrial companies which fall under the remit of critical national infrastructure are just as valuable targets to a hostile nation state or an organised cybercriminal group as a government agency, and should defend themselves as such, employing the most sophisticated email filtering systems possible and focusing on cybersecurity awareness training at every level of the organisation.