Blog

We have entered the era of crafted malware

By |

In the last two weeks, several U.S. government agencies issued multiple joint alerts warning businesses and critical infrastructure operators about the discovery of malicious cyber tools that could be used to gain access to industrial control systems.

While the important alert from the Energy Department, the Homeland Security Department, the FBI, and the National Security Agency (NSA) did not specifically identify the actor behind the malware, what has caught the attention of these agencies is the sheer sophistication of the malware involved. The APT group behind the malware created it specifically to target liquified petroleum gas and electric power targets in the USA.  

Operating in the background

In the last decade, APT groups have managed to gain Gigabytes of data on critical infrastructure operators across the globe through reconnaissance attacks. Such attacks have either gone unnoticed or have not been taken up for action or analysis by the impacted cybersecurity teams. This has resulted in a situation where bad actors have gained tons of data that could be used in an actual cyberattack or for the development of crafted malware.

This includes data relating to:

  • Security frameworks and incident response depths and capabilities related to critical facilities
  • Supply chain entry points for loading malware to target entities downstream
  • Ways to keep malware latent for prolonged periods of time. This includes periods of facility shut down, renovation, change of components, etc.
  • Methods to infiltrate malware through non-conventional means including designating specific CI employees as targets for multi-stage phishing campaigns
  • Identifying disgruntled employees who could be targeted more easily

Further, through contaminated firmware residing in less than complex IoT systems such as smart surveillance, data and credentials have either been exfiltrated or copied onto other systems for exfiltration.

The data gleaned is then used for creating modified malware variants that are often more effective in breaching the target networks than non-modified variants. Such malware are then deployed through the same route used during the reconnaissance attack (if the malware loader is still available or if the exploit is still unattended to).

What does this translate into for cybersecurity teams?

  • More targeted attacks and breaches that could lead to more loss of information or a huge ransom demand
  • Malware evolution cycles have shrunk to months and weeks from years
  • Malware can be repeatedly tweaked for improving its effectiveness by evading defenses
  • This would increase the success rate for malware developers and bad actors who can then build on this success
  • IoT deployments and OT-based critical infrastructure face an immediate threat

Want to learn more on how to deflect targeted attacks? Learn more about our adaptive cybersecurity solutions today.

Try our threat intelligence feeds for free and block over 18 million cyberattacks each day.  

Talk to our cybersecurity experts today to get to know more about our IT-IoT-OT cybersecurity solutions and threat intelligence. Book here.

We invite all cybersecurity leaders across verticals and countries to participate in this survey. Your participation will enable us to turn the survey into a more participative and comprehensive effort: CISO survey 2022

Ciso peer survey 2022
Get started with the CISO Peer Survey here: Begin the survey now!
2022 threat landscape assessment report
Get the latest copy of the OT and IoT threat landscape report

Try our threat intelligence feeds for free for the next two weeks.

Improve your cybersecurity through ot and iot focused threat intelligence feeds free for 15 days
We have entered the era of crafted malware - Sectrio

Get access to enriched IoT-focused cyber threat intelligence for free for 15 days  

Share:
Avatar of prayukth k v
Prayukth K V has been actively involved in productizing and promoting cross eco-system collaboration in the emerging tech and cybersecurity domains for over a decade. A marketer by profession and a published author, he has also proposed and promoted critical infrastructure protection strategies that rely on in-depth threat research and deflection strategies to deceive hackers and malware. Having been at the frontlines of cyber securing infrastructure, Prayukth has seen cyberattacks and defense tactics at close quarters.

Subscribe to Newsletter

Related Posts

Protect your IoT, OT and converged assets with Sectrio