It took cybercriminals three days to break into a fake computer system
According to recent tests by teams of cybersecurity researchers, industrial networks are at great risk from ransomware-type cyberattacks.
The conclusion comes from an experiment the researchers set up to measure how exposed such systems are. The result is striking: the attackers showed that it takes them very little time to infiltrate these networks through critical weaknesses that even researchers might overlook.
The decoy infrastructure was designed to exhibit the same problems found in real deployments: weak passwords, internet-connected remote control interfaces, and other practices common across the industry. The researchers brought the dummy infrastructure online in early 2020. Within three days, attackers had discovered the network and made several attempts to access it. Some succeeded in compromising it, among other things through a ransomware campaign in which they broke into the network and stole login credentials. "Very soon after the launch of the honeypot, the ransomware capacity was placed on every compromised machine," says Israel Barak, the head of information security at Cybereason, the company that ran the test.
It was through remote administration services such as RDP that they were able to place their malware on the network, which let them connect to and remotely control some machines. Once that step was complete, the attackers created a backdoor on a compromised server. To do so they used additional PowerShell-based tooling, namely Mimikatz, with which they stole login credentials useful for the rest of their operation. They then continued to scan the network to discover as many access points as possible and to harvest credentials as they found them.
Security experts concluded from the attack that the danger of such exposure is twofold: in addition to deploying ransomware, the attackers showed they can keep collecting sensitive information such as usernames and passwords, which they can then use as leverage in negotiations with the victim of the compromised network should the victim refuse to give in to the extortion. "It is only after the other stages of the attack are completed that the ransomware spreads across all compromised terminals simultaneously. This is a common feature of multi-stage ransomware campaigns, which aim to amplify the impact of the attack on the victim," says Cybereason specialist Israel Barak.
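The staged chain described in the two paragraphs above (remote access over RDP, credential theft with PowerShell tooling, then fan-out to further hosts before ransomware is released) is what a defender wants to catch before the final stage. The following correlator is an added example, not code from the article or from Cybereason; it assumes constructed event tuples of the form (timestamp, host, kind, detail) and a hypothetical list of internal address ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address ranges for the constructed environment.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
# Assumed watchlist of command-line fragments tied to credential dumping.
CRED_TOOL_MARKERS = ("mimikatz", "sekurlsa")

# Constructed sample events: (ts, host, kind, detail). srv-01 walks the full
# chain; srv-02 only sees an external RDP logon; ws-07 is benign activity.
SAMPLE_EVENTS = [
    (1, "srv-01", "rdp_logon", "203.0.113.5"),
    (2, "srv-01", "powershell", "Invoke-Mimikatz -DumpCreds"),
    (3, "srv-01", "logon", "srv-02"),
    (4, "srv-01", "logon", "srv-03"),
    (5, "srv-01", "logon", "srv-04"),
    (6, "ws-07", "rdp_logon", "10.0.5.9"),
    (7, "ws-07", "powershell", "Get-ChildItem C:\\Reports"),
    (8, "srv-02", "rdp_logon", "198.51.100.7"),
]

def is_external(ip):
    """True when the address is outside every assumed internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def find_staged_intrusion(events, lateral_threshold=3):
    """Per host, report which stages of the chain have been reached in order:
    external RDP logon -> credential-dumping tooling -> logons to at least
    `lateral_threshold` distinct other hosts."""
    by_host = defaultdict(list)
    for ev in sorted(events):          # time order matters for staging
        by_host[ev[1]].append(ev)
    findings = {}
    for host, evs in by_host.items():
        stages, targets = [], set()
        for _ts, _host, kind, detail in evs:
            if kind == "rdp_logon" and not stages and is_external(detail):
                stages.append("external_rdp")
            elif (kind == "powershell" and stages == ["external_rdp"]
                  and any(m in detail.lower() for m in CRED_TOOL_MARKERS)):
                stages.append("credential_dumping")
            elif kind == "logon" and len(stages) == 2:
                targets.add(detail)
                if len(targets) >= lateral_threshold:
                    stages.append("lateral_movement")
        if stages:
            findings[host] = stages
    return findings
```

A host that reaches the third stage is the point at which the article's "simultaneous" ransomware release is imminent, so that is the finding to page on.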
It should also be noted that some cybercriminals discovered the trap as attacks against the network multiplied. While some tried to break in and take it over, others merely performed reconnaissance of the system each time the test was run.
Whatever the tests set out to learn about the problems such a network could face, the danger during the various attacks was far from negligible. One need only imagine what might have happened had this been the real grid of an electricity supplier.
Another important observation: cybercriminals rely heavily on ransomware when they target infrastructure, especially when they cannot compromise it easily. The Cybereason report describes this as a "constant barrage of attacks on the sector", and the resulting risk will only grow. Put simply, even basic improvements such as stronger passwords and better-controlled access methods strengthen infrastructure security; only once the basics are mastered does it make sense to add more sophisticated measures.