Weekly threat monitor: April 25th, 2022

Sectrio issues major cybersecurity alert for manufacturing and oil and gas companies

Oil and Gas and auto manufacturing facilities need to be on their guard this week. Firms in these two sectors have to watch out for a significant rise in deflected traffic coming from IP addresses in Africa, Latin America, and parts of Europe. Using multi-loader malware, hackers will attempt to place ransomware in networks connected with both upstream and downstream operations and manufacturing facilities.

Russian hackers who are in retreat have identified as many as 70 targets including many oil and gas firms, manufacturing plants, shipping companies, and utility firms as targets for a multi-phase campaign that could run till the end of May this year.

What to watch out for:

  • Abnormal traffic patterns with an unusual volume of traffic coming from the geographies listed above
  • Phishing campaigns using social media channels such as LinkedIn that will target key employees.
  • Firewalls and other perimeter-based solutions could be targeted directly by these hackers
  • Slow or non-responsive ICS control systems
  • Hackers may also try and use reply phishing to enter key conversations using stolen credentials
  • Board and senior leadership members will also be targeted directly
  • This could be a revenge attack so a kinetic attack is most likely
  • Multiple waves of intrusion attempts to tie down SOC teams

Sectrio’s Threat Research team still monitoring the situation and we will provide more updates as and when they become available.

Weekly advisory

Segments under this list must be on high alert in the coming weeks:
  • Oil and gas
  • Financial Services
  • Manufacturing
  • Critical Infrastructure
  • Supply chains
  • Energy Sector
  • Water and wastewater treatment facilities
  • Utility entities
  • Maritime agencies
  • Healthcare
  • Government Agencies

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top