Earlier this week, FireEye reported that it has detected and stopped spear phishing emails sent in September to U.S. electric companies by known cyber threat actors likely affiliated with the North Korean government. Moreno Carullo, Co-Founder & Chief Technical Officer at Nozomi Networks, commented below.
Moreno Carullo, Co-Founder & Chief Technical Officer at Nozomi Networks:
“Reports of cyber threat actors targeting US electric companies with a spear phishing campaign are an indicator of a sinister development in cyber warfare. Rather than causing immediate disruption or liberating data, these criminal groups are able to demonstrate great skill, focus and determination during this intelligence gathering phase of the attack.
“Attackers continue to successfully exploit the human element of the chain to gain a foothold in networks, able to then navigate to the deep and secret areas of the infrastructure. With the recent Dragonfly 2.0 attacks highlighting attackers’ capabilities, organizations must ask themselves what should they be trying to prevent – criminals having carte blanche access to the network or them subsequently using the gathered intelligence to launch an attack? I’d argue it’s the reconnaissance element that needs to be stamped out – after all, you wouldn’t allow a thief to watch as you hide your jewels or enter alarm codes.
“However, arguably ‘reconnaissance’ activity is difficult to detect unless anomalous behavior is being actively monitored for – a challenge for critical infrastructure that operates on a ‘do no harm’ principle. Thankfully there are options as technological advances, such as machine learning and artificial intelligence, now offer operational technology defenders the tools to detect and intelligence to remediate incursions in real time amid an escalating threat landscape.”