Financial services institutions and manufacturers linked to diverse supply chains should brace for targeted cyberattacks from APT groups. In the last 48 hours, we have seen a significant rise in reconnaissance attacks on firms in these sectors, indicating the mobilization of APT groups, sub-APT groups, and independent hackers.
Here are the key trends we have recorded in our global honeypots over the weekend:
- All honeypots have registered a rise in inbound cyberattacks
- 13 honeypots in Europe, across Finland, Germany, Estonia, and Lithuania, registered the biggest rise in cyberattacks
- Most of the attacks are emerging from Western Russia (it is hard to pinpoint the exact geographical location, as the epicenter keeps shifting)
- Targets include payments infrastructure, connected-device ecosystems on shop floors, supply chains, and industrial control systems
- Most of the attacks are oriented towards creating large-scale disruption of supply chains and financial systems in order to keep regional CERT teams occupied
As we enter March 2022, the potential for a major cyberattack occurring in various parts of the world has grown exponentially. As we predicted in the 2022 IoT and OT Threat Landscape and Assessment Report, cyberattacks on manufacturing entities and financial institutions, along with oil storage and transportation infrastructure, are expected to see a massive spike this week.
We are witnessing a phase of increased adversarial activity across the surface and Dark Web with more than 5 major APT groups working in tandem across 3 continents. All this translates into a need to ramp up internal and external security measures immediately.
Sectrio advises financial services and manufacturing businesses to adopt the following measures immediately:
- Conduct a complete audit of their entire digital footprint, with special emphasis on IoT and OT infrastructure, including the devices and networks that connect to it.
- Deploy multi-factor authentication (MFA) and reduce access and other privileges across the infrastructure for the next 20 days
- If any vendors are allowed into the digital perimeter or beyond, that access should be monitored or limited
- Advise employees to avoid opening any suspicious emails and delete spam mails
- Hackers are also expected to circulate spoofed links asking employees to revalidate their login credentials through SMS. Ask employees not to comply and to report such instances
- Segment networks wherever possible to gain greater operational visibility and control
- Monitor Industrial Control Systems and SCADA systems and check them for any unusual network activity
- A sudden or even diffused spike in data consumption among IoT devices could indicate a cyberattack in progress and should be attended to immediately
- Limit BYOD access, if possible
- Hackers will try to use reply-chain phishing where networks were previously compromised. In case of any suspicious communication, employees should be asked to check with the sender, validate the communication through a call or another non-email channel, and share the emails for investigation
- Senior leadership could be targeted through LinkedIn or other social media platforms
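The "sudden or even diffused spike in data consumption" check from the list above, as an added example that is not part of Sectrio's advisory or tooling. Device names, byte counts and thresholds are constructed assumptions; the point is that a fleet-wide diffused rise needs a different rule from a single-device outlier.

```python
"""Added example, not Sectrio's own tooling: flag IoT data-consumption
spikes of two shapes: a sudden spike on one device, and a diffused rise
spread over many devices that each look unremarkable on their own.
Telemetry is constructed sample data (bytes per device per hour)."""
from statistics import mean, pstdev

# Constructed sample: seven hourly byte counts per device, last one is "now".
SAMPLE_TELEMETRY = {
    "plc-01":   [1200, 1150, 1300, 1250, 1180, 1220, 1260],  # steady
    "hmi-02":   [3000, 3100, 2950, 3050, 3020, 3080, 9500],  # sudden spike
    "sensor-a": [400, 410, 395, 405, 400, 398, 520],         # ~+30% each,
    "sensor-b": [420, 415, 425, 418, 422, 419, 545],         # individually
    "sensor-c": [390, 400, 405, 395, 402, 398, 515],         # below 2x
}

def sudden_spikes(telemetry, z_threshold=3.0, min_ratio=2.0):
    """Devices whose latest reading is far outside their own baseline
    (z-score) and at least min_ratio times their baseline mean."""
    flagged = []
    for device, series in telemetry.items():
        baseline, latest = series[:-1], series[-1]
        mu, sigma = mean(baseline), pstdev(baseline)
        if sigma == 0:  # flat baseline: any increase is infinitely unusual
            z = float("inf") if latest > mu else 0.0
        else:
            z = (latest - mu) / sigma
        if z >= z_threshold and latest >= min_ratio * mu:
            flagged.append(device)
    return flagged

def diffused_spike(telemetry, device_ratio=1.2, min_share=0.5):
    """True when at least min_share of devices are each up by device_ratio
    over their baseline mean: no single device alarms, but the fleet does."""
    if not telemetry:
        return False
    up = sum(1 for s in telemetry.values() if s[-1] >= device_ratio * mean(s[:-1]))
    return up / len(telemetry) >= min_share

def assess(telemetry):
    """Run both checks; the diffused check ignores devices already flagged
    as sudden so one outlier cannot masquerade as a fleet-wide rise."""
    sudden = sudden_spikes(telemetry)
    rest = {d: s for d, s in telemetry.items() if d not in sudden}
    return {"sudden": sudden, "diffused": diffused_spike(rest)}

if __name__ == "__main__":
    print(assess(SAMPLE_TELEMETRY))  # {'sudden': ['hmi-02'], 'diffused': True}
```

Thresholds should be tuned per device class from a quiet baseline window, since a PLC polling schedule and a camera upload pattern have very different normal variance.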
Lastly, we advise all businesses across sectors to conduct an immediate review of their cybersecurity posture.