CTC’s August 2018 Threat Report

Exploiting vulnerabilities isn’t merely the province of solo hackers and state-sponsored agents. If a weakness exists somewhere, it’s a safe bet that an effort is being made to identify and leverage it. Even if that effort is being made in a prison by the inmates themselves. (More on that in a minute.)

Large, concerted effort put Russian hackers into electric utilities

Russian hackers working as part of a large and concerted campaign managed to infiltrate U.S. electric utilities. Their efforts were so effective, in fact, that they could have caused blackouts.

Federal officials said the campaign likely continues.

The compromised networks incorporated “air gap” security measures. Such measures separate one network from another that is considered less secure (for example, the internet). An air-gapped network is typically considered very secure. The weakness, in this case, appears to be the less-secure networks of trusted vendors.

As reported by The Wall Street Journal:

“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.

DHS has been warning utility executives with security clearances about the Russian group’s threat to critical infrastructure since 2014. … [DHS] continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously.

Since the attacks used employee credentials, some companies may not even know they’ve been violated.

Inmates leverage financial account vulnerability

With computer tablets available for their use, Idaho prisoners hacked a corrections-related service used to enable money transfers into prisoners’ accounts.

Specifics on how the inmates were able to achieve this were not provided. Telecommunications company CenturyLink said it is proprietary information. The vulnerability has since been resolved.

By the time officials uncovered the effort, more than 300 inmates had transferred a total of over $200,000 into their accounts. Fifty inmates exceeded $1,000 in false deposits; one inmate decided to go big and deposited just under $10,000.

Sophisticated Protection

Bad actors are relentless in their pursuit of an advantage of any kind, earned or not. Network hardware and software engineers regularly produce sophisticated defenses against them, but there’s no end to the threats posed by foreign and/or unethical agents.

CTC Technologies is ready to help your business shore up its cybersecurity to best-in-class levels. In addition, we offer services including implementation of endpoint protection solutions, firewalls, and data loss protection. Reach out to us at 734-408-0200 to speak to one of our cybersecurity specialists or click here today.