Several states across the nation are reviewing cyber security for critical infrastructure after the Burlington Electric Department found a laptop containing the Grizzly Steppe malware, which some attribute to Russian hackers. IT security experts from Tripwire and Plixer commented below.
Tim Erlin, Senior Director of IT Security and Risk Strategy at Tripwire:
“The Department of Homeland Security (DHS) report included ‘indicators of compromise’ specifically to allow other organizations to identify this malware and similar malicious activity. States and other organizations should use the indicators released by DHS to search their systems for evidence of the Grizzly Steppe malware. Malware is meant to be reused, so it shouldn’t be surprising to find evidence of this particular tool in other organizations. Actual attribution of an incident to a particular attacker isn’t as simple as finding a specific piece of malware. Attribution generally requires information about the tools, techniques and other behaviors of the attacker to be conclusive.”
Michael Patterson, CEO at Plixer:
“The attack on the Ukrainian power grid may have been just a test for a much larger planned attack on the USA. The air gaps on our military systems that were proposed by Donald Trump should be enforced on our nation’s utilities as well. Despite improvements in malware detection, defenses against computer viruses are falling short more than ever before. The new defense is investigation by collecting flow data with technologies such as NetFlow and IPFIX. These technologies allow security teams to play back malware traffic patterns similar to camera systems. Only then can we see how the malware got in, how it moved around the network, where it moved to and what else might be infected.”
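The two comments above describe a single workflow: sweep collected data for the published indicators, then replay the flow records around each hit to see where the host went next. The script below is an added example written for this page, not code from Tripwire, Plixer or DHS. Its indicator list and NetFlow-style records are constructed for illustration (the external addresses come from the RFC 5737 documentation ranges); they are not the GRIZZLY STEPPE indicators and not real traffic.

```python
"""IOC sweep plus flow "playback" over constructed NetFlow/IPFIX-style records.

Added example. The indicators and flow records are constructed placeholders,
not DHS GRIZZLY STEPPE indicators and not captured traffic.
"""
import csv
import io
import ipaddress
from datetime import datetime

# Constructed indicator set (placeholders, RFC 5737 TEST-NET addresses).
IOC_IPS = {"203.0.113.45", "198.51.100.7"}
IOC_DOMAINS = {"updates.example-bad.test"}

# Constructed flow export: the fields a NetFlow v9 / IPFIX collector typically keeps,
# with the resolved DNS query name carried alongside where the collector has it.
FLOW_CSV = """\
ts,src,dst,dport,proto,bytes,dns_qname
2016-12-30T08:00:05,10.20.1.15,10.20.1.1,53,udp,82,updates.example-bad.test
2016-12-30T08:00:06,10.20.1.15,203.0.113.45,443,tcp,5120,
2016-12-30T08:04:10,10.20.1.15,10.20.1.22,445,tcp,48210,
2016-12-30T08:05:01,10.20.1.15,10.20.1.40,3389,tcp,910000,
2016-12-30T08:07:44,10.20.1.22,203.0.113.45,443,tcp,3100,
2016-12-30T08:10:00,10.20.1.30,93.184.216.34,443,tcp,2200,
2016-12-30T07:55:00,10.20.1.15,10.20.1.200,80,tcp,400,
"""


def parse_flows(text):
    """Parse the CSV export into dicts sorted by timestamp (collectors do not
    guarantee ordering, and playback depends on it)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["ts"] = datetime.fromisoformat(r["ts"])
        r["bytes"] = int(r["bytes"])
        rows.append(r)
    return sorted(rows, key=lambda r: r["ts"])


def ioc_hits(flows):
    """Step 1, the sweep: flows whose destination IP or DNS query matches an IOC."""
    return [f for f in flows if f["dst"] in IOC_IPS or f["dns_qname"] in IOC_DOMAINS]


def is_internal(ip):
    return ipaddress.ip_address(ip).is_private


def playback(flows, hits):
    """Step 2, the replay: for each host that contacted an IOC, list the internal
    hosts it talked to afterwards (candidate lateral movement) and flag any of
    those that later produced IOC hits of their own."""
    first_seen = {}
    for h in hits:
        first_seen.setdefault(h["src"], h["ts"])
    report = {}
    for host, t0 in first_seen.items():
        later = [f for f in flows
                 if f["src"] == host and f["ts"] > t0
                 and is_internal(f["dst"]) and f not in hits]
        contacts = sorted({f["dst"] for f in later})
        report[host] = {
            "first_ioc_contact": t0.isoformat(),
            "internal_contacts_after": contacts,
            "contacts_with_own_ioc_hits": sorted(
                c for c in contacts if c in first_seen and first_seen[c] > t0),
        }
    return report


if __name__ == "__main__":
    flows = parse_flows(FLOW_CSV)
    hits = ioc_hits(flows)
    for host, info in playback(flows, hits).items():
        print(host, info)
```

Note what the timeline check buys: the 07:55 connection from 10.20.1.15 to 10.20.1.200 precedes that host's first indicator contact, so it is not reported as movement, while the SMB and RDP sessions after the beacon are, and 10.20.1.22 is singled out because it beacons to the same indicator a few minutes later. As Erlin says, a hit like this is evidence that the tool is present, not attribution; the flow replay is what tells you how far it has spread.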