SCADA Watch: How a Phishing Attack Exposed an Energy Company to Hackers
Brian Prince writes on eWeek:
It began with an e-mail sent to an employee at an energy company, and ended with a security breach that exposed critical systems to outside control.
More here.
It is an all too common scenario, and just one example of the types of threats targeting not only critical infrastructure but organizations generally. The attack referenced above happened at the site of an energy company that Intrepidus Group is keeping anonymous. In a discussion with eWEEK, however, the security vendor outlined just how a malware attack broke into a critical network.
The attack began to unravel on April 3, 2007. That’s when a fraudulent user account - complete with administrative privileges - was detected by the energy company. At that point, Intrepidus Group was called in to uncover exactly what had happened. Working backwards, the company traced everything to a phishing e-mail and a little bit of social engineering.
“What started off as a very strange attack where people couldn’t understand why these random administrative accounts were being added in the internal network ended up being two and a half days later us realizing the primary domain controller in the system – which is the keys to the system really with all the passwords and user accounts – had been compromised with this zero-day attack,” said Intrepidus CEO Rohyt Belani. “But the big thing that set off alarms…was that the attack had originated not from the outside big bad world but…from another machine inside their corporate network.”
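The signal that exposed this intrusion was unexplained administrative accounts appearing on the domain. Below is an added example, not code from the eWEEK article, Intrepidus Group or the energy company, of the detection logic a defender would want running over domain controller audit logs: it flags user creations and privileged-group additions performed by anyone other than an approved provisioning account, and correlates an account being elevated shortly after it was created. Event IDs and field names follow the standard Windows Security log schema (4720 = user account created, 4728/4732 = member added to a security-enabled global/local group); the sample records, the allowlist of provisioning accounts, the group names and the time window are assumptions made for illustration.

```python
"""Detect rogue administrative account creation from Windows Security events.

Added example; the sample events below are constructed, not taken from the
incident in the article. Assumed: CORP\\svc-idm is the only account permitted
to provision users and change privileged group membership.
"""
from collections import namedtuple
from datetime import datetime

# Groups whose membership changes are always worth a look (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators", "Schema Admins"}
# Accounts that are allowed to create users / change group membership (assumption).
APPROVED_PROVISIONERS = {"CORP\\svc-idm"}

Finding = namedtuple("Finding", "time reason account actor computer")

# Constructed Windows Security events in simplified dict form.  In 4728/4732 the
# TargetUserName field holds the group name and MemberName holds the member's DN.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TimeCreated": "2007-04-03T01:55:00", "SubjectDomainName": "CORP",
     "SubjectUserName": "svc-idm", "TargetUserName": "jdoe", "Computer": "DC01"},
    {"EventID": 4720, "TimeCreated": "2007-04-03T02:14:07", "SubjectDomainName": "CORP",
     "SubjectUserName": "jsmith", "TargetUserName": "backup_svc2", "Computer": "DC01"},
    {"EventID": 4728, "TimeCreated": "2007-04-03T02:16:30", "SubjectDomainName": "CORP",
     "SubjectUserName": "jsmith", "TargetUserName": "Domain Admins",
     "MemberName": "CN=backup_svc2,CN=Users,DC=corp,DC=example", "Computer": "DC01"},
    {"EventID": 4732, "TimeCreated": "2007-04-03T03:00:00", "SubjectDomainName": "CORP",
     "SubjectUserName": "svc-idm", "TargetUserName": "Remote Desktop Users",
     "MemberName": "CN=jdoe,CN=Users,DC=corp,DC=example", "Computer": "DC01"},
]


def _actor(ev):
    """DOMAIN\\user of the account that performed the change."""
    return f"{ev['SubjectDomainName']}\\{ev['SubjectUserName']}"


def _member_name(ev):
    """Extract the CN from the LDAP DN carried in MemberName."""
    first_rdn = ev["MemberName"].split(",", 1)[0]
    return first_rdn.split("=", 1)[1] if "=" in first_rdn else first_rdn


def find_suspicious_privilege_grants(events, window_seconds=3600):
    """Return Findings for account creations and privileged group changes that
    were not performed by an approved provisioner, plus any account that was
    added to a privileged group within window_seconds of being created."""
    created = {}  # account name -> creation time
    findings = []
    for ev in sorted(events, key=lambda e: e["TimeCreated"]):
        t = datetime.fromisoformat(ev["TimeCreated"])
        actor = _actor(ev)
        if ev["EventID"] == 4720:
            created[ev["TargetUserName"]] = t
            if actor not in APPROVED_PROVISIONERS:
                findings.append(Finding(t, "account created by non-provisioning actor",
                                        ev["TargetUserName"], actor, ev["Computer"]))
        elif ev["EventID"] in (4728, 4732) and ev["TargetUserName"] in PRIVILEGED_GROUPS:
            member = _member_name(ev)
            if actor not in APPROVED_PROVISIONERS:
                findings.append(Finding(t, "privileged group change by non-provisioning actor",
                                        member, actor, ev["Computer"]))
            if member in created and (t - created[member]).total_seconds() <= window_seconds:
                findings.append(Finding(t, f"account elevated within {window_seconds}s of creation",
                                        member, actor, ev["Computer"]))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_privilege_grants(SAMPLE_EVENTS):
        print(f"{f.time} {f.computer}: {f.reason}: {f.account} (by {f.actor})")
```

Run against the constructed events, the benign provisioning of jdoe and the non-privileged Remote Desktop Users change produce nothing, while the backup_svc2 account yields three findings: its creation by an ordinary user, its addition to Domain Admins by that same user, and the short gap between the two. The actor field is what matters for the point Belani makes above: when the subject of these events is an ordinary user on an internal workstation rather than the identity-management service, the attack is coming from inside the network, not from the perimeter.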