Welcome to the 4th edition of the CyberX-Files. In this issue, we have a number of new stories about Dragonfly (aka Energetic Bear), the Russian threat group that’s targeted energy firms since at least 2013. You’ll also read about why Iran is now perceived as having an “A-Team” of cyberattackers, and several articles about why routers are now juicy targets for attackers.
Demonstrating Stuxnet-like sophistication, the adversaries exhibited a high level of planning and resources consistent with past nation-state attacks on critical infrastructure. In particular, they exploited a PLC vulnerability and developed ICS-tailored malware to communicate directly with a specific type of industrial controller using its native ICS protocol. Watch this educational SANS webinar led by Justin Searle, Director of ICS Security at InGuardians and a senior SANS instructor, and Phil Neray, VP of Industrial Cybersecurity at CyberX, to learn more about TRITON and ICS cybersecurity.
In our 3rd edition of The CyberX Files, we’ll cover a busy month for the ICS security community. The US DHS and FBI confirmed that Russian threat actors have successfully compromised US critical infrastructure networks, and new information emerged that TRITON may be connected to a series of cyberattacks on Saudi Arabian petrochemical plants. We have been busy as well, announcing the largest Series B funding round to date for an ICS cybersecurity company.
DHS/FBI Alert: Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors
This post originally appeared on LinkedIn. Yesterday’s unprecedented DHS/FBI announcement states that, since at least March 2016, “Russian government cyber actors—hereafter referred to as “threat actors”—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” The attackers demonstrated sophistication by using a variety of […]
In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant. It was meant to sabotage the firm’s operations and trigger an explosion. The attack was a dangerous escalation in international cyberwarfare, as faceless enemies demonstrated both the drive and the ability to inflict serious physical damage.
CyberX’s Phil Neray discusses the TRITON attack and other growing cyberthreats to the oil & gas industries in the March/April 2018 edition of OILMAN magazine.