Weekly threat monitor – May 11th

APTs dominated the landscape this week as attacks on specific elements of critical infrastructure rose 33 percent over 5 days. Control systems connected with water treatment plants seem to be the primary target of these attacks that were noted in the Middle East, South East Asia, parts of Europe, and North America. The attacks were specifically targeting unpatched controllers. We expect these attacks to widen in scope over the days to come.

As countries emerge out of lockdown and systems are brought back on-line, hackers may be tailing some of the sectors and payment mechanisms connected with utilities. Social media, emails, portable storage devices continue to be the most used conduits in these attacks.

After being pushed to the back burner for a while, cyberattacks based on geopolitical motivations are back on the agenda of hackers. A range of APT groups based in North Korea, China, and Iran was active this week. Credential stuffing and brute force attacks remain the most preferred modes of a cyberattack for these groups. Some affiliated hackers or even these groups themselves are also using botnets to launch unceasing DDoS attacks on critical infrastructure.

Voice recognition systems, online meeting platforms, surveillance systems, and routers remain the most sought after targets this week. They together accounted for as much as 27 percent of all cyberattacks recorded by us. This includes attacks of varying sophistication.

The need to tweak everything
Since the complexity of attacks continues to rise with each passing week, we advise businesses to revisit their security practices frequently. In addition to sensitizing employees, the use of out-of-the-box configurations and passwords should be banned. Devices or applications that bear out-of-the-box configurations should be barred from accessing network resources. We have even seen organizations using out-of-the-box configurations for security tools as well. Even small changes to the default configurations can expand the distance between a potential hacker and you.    

Weekly advisory

We expect the attacks on critical infrastructure to grow this week along with attacks on these sectors:

  • Healthcare
  • Financial services
  • Healthcare research labs
  • Control systems connected with critical infrastructure
  • Government – especially lawmakers and government agencies connected with internal/homeland security
  • IoT projects in the transport sector

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top