Security researchers laid bait for hackers targeting ICS systems, with troubling but unsurprising results: cybercriminals able to move adeptly from network to operational technology (OT) environments.
This November, the US will test the ability of the nation’s power grid to bounce back from a simultaneous cyber-attack on electric, oil and natural gas infrastructure. It comes after numerous attacks on critical infrastructure, such as the hack into the control system of a dam in New York and the shutdown of Ukraine’s power grid.
Concern that a malicious actor—possibly a nation state—might launch a potentially devastating assault that could put lives at risk is radiating across the globe. Earlier this year, the UK and US made an unprecedented joint statement blaming Russia for cyber-attacks on businesses and consumers.
In the announcement, the National Cyber Security Centre (NCSC) and US Department of Homeland Security and the FBI warned that network infrastructure devices could be used to lay the groundwork for future attacks on power stations and energy grids.
It is with these risks in mind that security firm Cybereason set up a honeypot earlier this year to emulate the power transmission substation of a major electricity provider. The findings were unexpected: Cybereason found that adversaries have a new approach to sourcing the tools they can use to compromise industrial control systems (ICS) that underpin critical infrastructure, says the firm's CISO Israel Barak. “Rather than strategically targeting individuals with network access, the actors that compromised the honeypot bought the asset from a forum on the dark web.”