In light of Sandworm's attempted attack on the Ukrainian electricity grid using a new version of the Industroyer malware, "Industroyer2", Chris Grove, Director, Cybersecurity Strategy, Nozomi Networks, commented: "Everyone operating in the critical infrastructure sector should pay particular attention to this attack, because it is one of the few that has directly affected OT systems. According to Nozomi Networks Labs, there were reports of some hard-coded IPs in the malware sample, indicating that the threat actors had a deep understanding of the environment. Just as with the malware that Sandworm distributed in Ukraine in 2016, this time too ICS operators have to monitor their networks to identify any unusual activity, since Russian tactics involve staying in the environment for weeks or months before striking."

Attack on the electricity grid: how to protect yourself?

Nozomi Networks' new Threat Intelligence package provides Industroyer2 IoC (Indicators of Compromise) rules that detect and alert customers to any known malware-related activity; the company will provide additional information once the relevant samples have been fully analysed. Meanwhile, businesses can improve their protection as follows:

• Basic IT hygiene: reset passwords, review the access and permissions of employee and supplier accounts and their network access, scan the network for any open door and close it, etc.
• Apply YARA rules to identify and alert on associated malware activity
• Use anomaly detection tools to detect any changes or variants of the malware, as well as any illegitimate activity in OT environments
• Use automated firewall blocking together with an anomaly detection tool to stop further attack commands
• Threat hunt for suspicious activity on the network to discover attackers as early as possible

We also recommend consulting the CISA 2017 advisory if these security measures have not already been implemented.
Nozomi Networks makes it known that it will continue to monitor the situation and provide updates on what is happening, as well as suggestions that the OT sector can take to protect their networks.
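The "anomaly detection" and "threat hunt" items above are easier to reason about with a concrete, minimal form of the idea. The following is an added example, not Nozomi Networks' product code and not from the original page: it learns which (source, destination, port) connections are normal from a known-good window of connection logs and then flags every connection in a later window that was never seen before, giving extra weight to a new source talking to the IEC-104 control port. The log lines are constructed, not captured, and the choice of TCP port 2404 (IEC 60870-5-104) as the "control" port is an assumption about the plant; the page itself does not name the protocol.

```python
"""Baseline-deviation detector for OT network connection logs.

Added example (not Nozomi Networks' code, not from the original page).
Learns normal (src, dst, port) triples from a known-good window and flags
anything new in a later window. Assumption: the plant's control traffic is
IEC 60870-5-104 on TCP 2404; all log lines below are constructed.
"""
from collections import Counter
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, int]  # (src_ip, dst_ip, dst_port)

IEC104_PORT = 2404  # assumption: IEC 60870-5-104 TCP port in this plant

# Constructed "known-good" window: the SCADA server polls two RTUs and an
# HMI polls the SCADA server over Modbus/TCP.
BASELINE_LOG = """\
2022-04-01T08:00:01 10.0.1.10 -> 10.0.2.21:2404 SYN
2022-04-01T08:00:02 10.0.1.10 -> 10.0.2.22:2404 SYN
2022-04-01T08:00:03 10.0.1.11 -> 10.0.1.10:502 SYN
2022-04-01T08:00:04 10.0.1.10 -> 10.0.2.21:2404 SYN
"""

# Constructed later window: a host that never spoke IEC-104 (10.0.1.50)
# suddenly fans out to every RTU, the pattern a hard-coded target list
# would leave, plus one unrelated new flow on a non-control port.
OBSERVED_LOG = """\
2022-04-08T03:10:01 10.0.1.10 -> 10.0.2.21:2404 SYN
2022-04-08T03:10:05 10.0.1.50 -> 10.0.2.21:2404 SYN
2022-04-08T03:10:05 10.0.1.50 -> 10.0.2.22:2404 SYN
2022-04-08T03:10:06 10.0.1.50 -> 10.0.2.23:2404 SYN
2022-04-08T03:10:09 10.0.1.11 -> 10.0.1.10:502 SYN
2022-04-08T03:11:00 10.0.1.11 -> 10.0.1.12:445 SYN
"""


def parse_flows(log: str) -> List[Flow]:
    """Parse 'ts src -> dst:port flag' lines; blank or malformed lines are skipped."""
    flows: List[Flow] = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "->":
            continue
        src = parts[1]
        dst, _, port = parts[3].rpartition(":")
        if not dst or not port.isdigit():
            continue
        flows.append((src, dst, int(port)))
    return flows


def learn_baseline(log: str) -> Set[Flow]:
    """The baseline is simply the set of distinct flows in the known-good window."""
    return set(parse_flows(log))


def find_anomalies(baseline: Set[Flow], log: str) -> Dict[str, List[Flow]]:
    """Return flows absent from the baseline, split by severity.

    'high'  : new flow to the IEC-104 port (possible unauthorised control traffic)
    'medium': any other flow never seen in the baseline window
    Each new flow is reported once, in order of first appearance.
    """
    seen: Set[Flow] = set()
    findings: Dict[str, List[Flow]] = {"high": [], "medium": []}
    for flow in parse_flows(log):
        if flow in baseline or flow in seen:
            continue
        seen.add(flow)
        severity = "high" if flow[2] == IEC104_PORT else "medium"
        findings[severity].append(flow)
    return findings


def new_iec104_talkers(baseline: Set[Flow], log: str) -> Dict[str, int]:
    """Count how many distinct RTUs each previously unknown IEC-104 source reached.

    One unknown source fanning out to several RTUs is the hunting lead to
    chase first; a single new pair may just be a re-addressed device.
    """
    known_sources = {src for src, _, port in baseline if port == IEC104_PORT}
    fanout: Counter = Counter()
    for src, dst, port in set(parse_flows(log)):
        if port == IEC104_PORT and src not in known_sources:
            fanout[src] += 1
    return dict(fanout)


if __name__ == "__main__":
    base = learn_baseline(BASELINE_LOG)
    for severity, flows in find_anomalies(base, OBSERVED_LOG).items():
        for src, dst, port in flows:
            print(f"[{severity.upper()}] new flow {src} -> {dst}:{port}")
    for src, count in new_iec104_talkers(base, OBSERVED_LOG).items():
        print(f"[HUNT] unknown IEC-104 source {src} reached {count} RTU(s)")
```

On the constructed input the script reports three high-severity flows from 10.0.1.50 to the RTUs, one medium flow on port 445, and a single hunting lead (10.0.1.50 reaching three RTUs). The important operational caveat is the one in the quote above: the baseline window must be taken from a period you can trust, because an adversary who has already been resident for weeks will have their traffic learned as "normal".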
COMMENT: These tips are superseded by technology. Basic computer hygiene is like taking an aspirin when our body is invaded by cancer. Passwords still get hacked, and hackers are able to get in easily and reach the highest authorization level. Instead, we make a strong contribution, both by isolating the strategic plant from the internet with a double CRIPTEOS 3001 system that exchanges only encrypted messages, one system connected to the internet and the other to the strategic resource isolated from the internet, and with the phishing-blocking method that we describe on other pages of this site. Then the other activities proposed in this article do not hurt. Resilience is a buzzword.