As reported today by CNBC and others, the US Department of Homeland Security and the FBI issued a warning to critical infrastructure (CNI) firms — specifically, nuclear power and other energy providers, water, aviation, and other critical manufacturing sectors — to be on the look-out for “highly targeted” long-term staged attacks by the Dragonfly APT group.
These attacks often penetrate through trusted third parties and establish operational control for data exfiltration. Brad Keller, Sr. Director, 3rd Party Strategy at Prevalent, Inc. (Warren, NJ) commented below.
Brad Keller, Sr. Director, 3rd Party Strategy at Prevalent, Inc. (Warren, NJ):
“US-CERT alert TA17-293A outlines the strategy used by criminals to gain access to companies by attacking their third party vendors – “The initial victims are peripheral organizations such as trusted third party suppliers with less secure networks”, noting that access to these networks facilitates access to their ultimate targets, in this case utility companies. While the alert states that this has been going on since May of this year, one can certainly speculate that these attacks have been going on for a much longer period of time.
This is the classic attack strategy used by criminals – breach third parties who generally have less sophisticated security controls to gain access to their customers. What this reinforces is that all companies, whether under a regulatory mandate to manage third party risk or not, owe it to their customers and shareholders to address these risks.”