Cyber criminals are expanding their global reach and targeting more industries than ever before. Threat actors who used to target Middle Eastern industries almost exclusively have beefed up their cyber arsenal and are claiming new industrial victims.
HYAS, a security intelligence firm, discovered a remote access trojan (RAT), known as njRAT, targeting critical infrastructure in France. The targets included an electricity provider, a transportation company, and multiple nuclear research facilities. Researchers revealed the identity of at least one attacker involved in the campaign.
One investigation identified an orchestrated phishing campaign that targeted French infrastructure firms. The attack was designed to steal data and provide a framework for further attacks and lateral movement, starting from IT networks and eventually reaching industrial OT layers.
No industrial vertical is immune from cyber threats. In March 2020, a Colorado-based manufacturer, Visser Precision, confirmed that it was hit by a ransomware attack. The company, a supplier of aerospace and automotive components, suffered a data breach that compromised its files and the data it shared with its aerospace industry partners. The DoppelPaymer ransomware deployed in this attack was identified in June 2019.
Another critical manufacturer hit by DoppelPaymer was Kimchuk, a US-based manufacturer that produces electronics for the medical and military sectors. Kimchuk suffered a leak of confidential documents after refusing to pay the ransom.
California-based Communications & Power Industries (CPI) was hit by unknown ransomware. As a contractor for US Defense projects, its network contains data about numerous sensitive systems, including projects with a leading aerospace company.
After paying the 500K USD ransom, CPI was only able to restore a quarter of its network. The ransomware was introduced through a phishing email directed to a network admin, and it then spread quickly in the network, leveraging the lack of network segmentation and taking advantage of an outdated OS.
In March 2020, EVRAZ Regina, the largest steel-producing plant in western Canada, was hit by Ryuk ransomware and was forced to shut down production as it tried to stop the malware from spreading into more systems. Over 75% of its workforce was sent home on unpaid leave until it was able to restore all of the systems.
The long arm of cyber crime is threatening more and more industrial companies. The increasing depth and breadth of security events underscore the importance of enforcing a valid, comprehensive security policy both in one’s industrial organization and in the networks of its third-party contractors. Industry leaders need to protect their organizations from cyber attacks and keep them safe, productive, and profitable.