ESET researchers have recently discovered GreyEnergy, a malware family they assess to be the successor to the toolkit of the BlackEnergy APT group. It poses a serious threat to energy companies and other critical sectors: the malware has been observed targeting organisations that operate ICS / SCADA systems.
Supervisory Control And Data Acquisition (SCADA) is a type of Industrial Control System (ICS): an architecture of computers and networked data communications used to supervise processes in factories, utilities, infrastructure and service systems.
ICS / SCADA environments are not spared from cyber attacks. In December 2015, Ukrainian power distribution companies were hit by an attack involving BlackEnergy malware that cut electricity to part of the country for up to six hours. It was followed in December 2016 by Industroyer, which left part of Kiev without power for about an hour. These two events show that Industrial Control Systems / SCADA can be attacked with physical consequences.
After the 2015 blackouts, the group appears to have stopped actively using BlackEnergy and evolved into TeleBots. TeleBots is notorious for causing the global NotPetya outbreak of 2017: disk-wiping malware that disrupted business operations worldwide and caused billions of dollars in losses.
ESET researchers recently confirmed that TeleBots is also connected to Industroyer, the most capable malware yet seen targeting Industrial Control Systems and the tool behind the second power outage, in the Ukrainian capital Kiev, in 2016.
GreyEnergy emerged alongside TeleBots, but its activity is not limited to Ukraine: it is built for a wider set of targets and moves under the radar. ESET's analysis found that the malware is modular, with modules that serve espionage and reconnaissance purposes, including a backdoor, file theft, screenshot capture, keylogging, password harvesting, credential theft and more.
"GreyEnergy is a real threat in a new form and purpose of malware. Targeted attacks like this are predicted to grow, along with the development of industry towards Industry 4.0. It is time for each industry to review its systems and mitigate future attacks. Currently, monitoring data is not enough; it requires data activity monitoring devices that are able to detect attacks like this and support SCADA devices for certain industries," said Yudhi Kukuh, Technical Consultant, PT Prosperita - ESET Indonesia, on Thursday (27/10).
Industrial Control Systems (ICS), including Supervisory Control And Data Acquisition (SCADA), are the systems most frequently used in industry and in the management of critical infrastructure. The problem is that these systems are often not protected by security solutions: in the SANS 2017 survey on securing Industrial Control Systems, published in November, four out of ten practitioners said they did not have visibility into their network. This lack of visibility is one of the main obstacles to securing ICS.
The detection of GreyEnergy and ESET's in-depth analysis of it show that defences against dangerous threats can be built on a good understanding of the most modern and dangerous malware groups. It is therefore important for every industry to implement appropriate security solutions together with network traffic analysis technology that examines unknown behaviour for anomalies and detects threats across the network as a whole, so as to minimise the chance that a threat goes unnoticed.
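As an added example, not from the article or from ESET, the following Python sketch shows the kind of baseline-and-deviation check that network traffic analysis in a flat OT network can perform. It learns the normal (source, destination, port, protocol) tuples from a learning window and then flags flows that fall outside it, adding asset-role context to each alert. The host addresses, role table, port list and flow records are all constructed for the example and do not describe any real plant or GreyEnergy behaviour.

```python
"""Baseline-and-deviation detection over ICS network flow records.

Added example (not from the article or ESET). Traffic between HMIs,
historians and PLCs in an OT network is normally very repetitive, so a
learned set of flow tuples is a usable baseline. Every host, role, port
and flow record below is constructed for the example.
"""
from dataclasses import dataclass

# Constructed asset-role table (assumption, not real data).
ASSET_ROLES = {
    "10.10.1.10": "hmi",
    "10.10.1.11": "engineering-ws",
    "10.10.1.20": "historian",
    "10.10.2.1": "plc",
    "10.10.2.2": "plc",
}

# Ports a controller is expected to receive in this fictitious plant.
ICS_PORTS = {502: "modbus", 102: "s7comm", 20000: "dnp3", 44818: "enip"}


@dataclass(frozen=True)
class Flow:
    ts: int          # seconds since start of capture (constructed)
    src: str
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"


def parse_flow(line: str) -> Flow:
    """Parse one 'ts src dst dport proto' record, e.g. '10 10.10.1.10 10.10.2.1 502 tcp'."""
    ts, src, dst, dport, proto = line.split()
    return Flow(int(ts), src, dst, int(dport), proto.lower())


def learn_baseline(flows, window_end: int):
    """Collect the (src, dst, dport, proto) tuples seen during the learning window."""
    return {(f.src, f.dst, f.dport, f.proto) for f in flows if f.ts <= window_end}


def classify(flow: Flow, baseline) -> list:
    """Return the reasons a flow is anomalous; an empty list means baseline traffic."""
    key = (flow.src, flow.dst, flow.dport, flow.proto)
    if key in baseline:
        return []
    reasons = ["new-flow-tuple"]
    src_role = ASSET_ROLES.get(flow.src, "unknown-host")
    dst_role = ASSET_ROLES.get(flow.dst, "unknown-host")
    if dst_role == "plc" and flow.dport not in ICS_PORTS:
        reasons.append("non-ics-port-to-controller")      # e.g. SMB or RDP to a PLC
    if dst_role == "plc" and src_role not in ("hmi", "engineering-ws"):
        reasons.append("unexpected-source-for-controller")
    if src_role == "unknown-host" or dst_role == "unknown-host":
        reasons.append("unknown-host")                    # not in the asset inventory
    return reasons


def detect(lines, window_end: int = 60):
    """Learn from the first window_end seconds, then report (flow, reasons) for anomalies."""
    flows = [parse_flow(l) for l in lines if l.strip()]
    baseline = learn_baseline(flows, window_end)
    findings = []
    for f in flows:
        if f.ts <= window_end:
            continue
        reasons = classify(f, baseline)
        if reasons:
            findings.append((f, reasons))
    return findings


# Constructed flow log: 60 s of normal polling, then four flows of which three are new.
SAMPLE_LOG = """
5 10.10.1.10 10.10.2.1 502 tcp
5 10.10.1.10 10.10.2.2 502 tcp
10 10.10.1.11 10.10.2.1 102 tcp
15 10.10.1.20 10.10.1.10 1433 tcp
30 10.10.1.10 10.10.2.1 502 tcp
45 10.10.1.10 10.10.2.2 502 tcp
70 10.10.1.10 10.10.2.1 502 tcp
75 10.10.1.99 10.10.2.1 502 tcp
80 10.10.1.20 10.10.2.2 445 tcp
90 10.10.1.11 10.10.2.2 102 tcp
"""

if __name__ == "__main__":
    for flow, reasons in detect(SAMPLE_LOG.splitlines()):
        print(f"t={flow.ts:>3} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}  {', '.join(reasons)}")
```

The last finding (an engineering workstation programming a second controller) shows the limit of pure baseline detection: it is new, so it is reported, but only the role-aware reasons say whether an alert deserves urgent attention. In practice the learning window would span days rather than a minute, and the role table would come from an asset inventory rather than a literal in the script.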
"Even though an attack already has a specific target location, sometimes the malware breaks through the boundaries that were set for it. Indonesia has its own record in organised malware attacks. ESET noted that Indonesia had the second largest number of attacks, with a distribution of 17.4%, after Iran, which was indeed the target of the Stuxnet attack, a type of malware that also attacked SCADA. After that, the WannaCry ransomware attacked the hospital industry in the country and caused a stir," concluded Yudhi.