Phishing Attacks: Why Energy Companies and Utilities Are Getting Zapped

    Tech | 2023-11-27

    Editor’s Note: This blog post was originally found on the Agari Email Security blog.

    By John Wilson

    The Wall Street Journal’s report that a dozen US-based utilities were targets in a recent wave of coordinated phishing attacks should set off alarm bells throughout the sector and beyond.

    Energy producers and utilities don’t just keep the lights on. They play a unique role in a country’s critical infrastructure, encompassing economic health, public safety, and national security — making them appealing targets for state-sponsored hackers and saboteurs.

    For years, hackers linked to Russia and Iran have probed for weaknesses in energy and utility cybersecurity defenses around the world. Among their top prey: oil and gas producers, nuclear power companies, and electrical grid operations. And in nearly every instance, their strategies have included phishing emails targeting the weakest link in most organizations’ security: humans.

    Organizations hit by a continuous barrage of phishing attacks often face an expensive, high-stakes problem that’s hard to solve with traditional email security practices.

    Phishing: Rising Costs, Serious Risks

    The average annual cost of cyberattacks was $17.84 million per utility company in 2018, according to Accenture’s 2019 Cost of Cybercrime Report. That’s a 16% jump from 2017. Energy companies saw average annual losses rise to $13.77 million. Yet bad as it is, the consequences for successful email attacks on energy producers and grid operators can easily eclipse remediation costs.

    Government and cybersecurity company investigations have shown that state-sponsored attackers have spent years phishing for nuclear reactor technology, login credentials for power plant control engineers, and other sensitive data. The fear is that successful phishing campaigns could have serious consequences for the organizations that fall victim, as well as for the constituents and communities they serve.

    It’s a valid fear. A 2017 report, for instance, found that one group of threat actors had successfully phished their way into US and European energy companies, gaining “hands-on access to power grid operations.” In other words, they had the ability to shut off the lights in the countries these organizations operated. Why didn’t they? We don’t know, but analysts are concerned that the attackers are holding on to that information to exploit later — maybe at a time of international turmoil.

    Utilities are vulnerable to other types of email-enabled sabotage, too. A 2018 report from Aon describes a plausible scenario involving a phishing attack on a hydroelectric dam contractor. Ten days after stealing employee credentials and accessing the dam’s control network, attackers could open all the floodgates all at once, causing catastrophic flooding.

    Email Attacks Go Nuclear

    Energy companies and utilities operate advanced technology, and security has been a major issue since long before cyber-espionage was a glimmer in Putin’s eye. How are state-sponsored attacks getting around security controls? Through sophisticated social engineering tactics delivered via email.

    In the case of the US grid hack, investigators say conspirators linked to the notorious Dragonfly hacker group emailed New Year’s Eve party invitations to energy sector targets. They also sent emails with industry-centric content to get targets to open attachments that would exfiltrate the victim’s network login credentials.

    Last October, the US indicted seven Russian intelligence operatives for a phishing attack on Westinghouse Electric Company’s nuclear power operations. In that case, phishing emails directed victims to a fraudulent Westinghouse website hosted on a lookalike domain and designed to collect employees’ login credentials. According to the Justice Department, the attack appears to have played a part in “technical reconnaissance” aimed at gaining access to IP addresses, domains, and network ports.

    In another phishing attack on US nuclear facilities reported in 2017, criminals posed as jobseekers sending resumes to plant control engineers. The resumes contained credential-harvesting malware that the attackers apparently hoped would give them access to safety and operational systems. Thankfully, the FBI reports that the perpetrators were only able to access business and administrative networks.

    That hack of the US grid that took bad actors all the way to operational access? It didn’t start with an attack on power companies. Instead, the hackers targeted utility companies’ vendors and partner email systems. Once trusted email accounts at those organizations were successfully infiltrated, they were used to launch email attacks designed to dupe power plant employees into downloading documents and sharing sensitive information. And it’s getting worse.

    In 2019, there has been a spike in spear-phishing attacks on US oil and gas businesses. Investigators suspect Iran is the culprit behind one email campaign targeting executives with a fake job recruiting message impersonating the White House Council of Economic Advisors. Clicking the link would lead to the installation of malware like the kind that has struck Middle Eastern oil and gas installations in the recent past. Considering Iran’s track record of targeting companies like Saudi Aramco for data destruction, the current phishing campaign is a major concern for US fossil fuel producers and refiners.

    Keeping Imposters Out of the Inbox

    In all these cases, attackers rely on the simple fact that people are highly susceptible to well-timed email messages that appear to be sent by people they trust. Old-school secure email gateways (SEGs) and first-generation advanced threat protection (ATP) products aren’t designed to filter out these advanced email attacks. As a result, individual employees are left to make snap judgment calls about the safety of the messages in their inbox.

    By contrast, modern email security solutions analyze incoming email based on past sender behavior and a host of other signals to identify messages that are authentic and trustworthy. Using our own solution as an example, Agari Secure Email Cloud applies advanced data science and real-time intelligence from trillions of emails to ferret out attempts at identity deception and block incoming phishing and other socially-engineered email assaults. In the event a phishing email slips through and is detected post-delivery, the solution contains it and even removes it from all the organization’s inboxes automatically.
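    The sender-identity checks this paragraph alludes to, as an added illustration that is not Agari's code or a description of its product: a lookalike partner domain (the Westinghouse case above) and a display name that borrows a trusted brand are flagged from the From header. The trusted-domain list, homoglyph table and sample messages are constructed for the example.

```python
# Added example (not from the Agari post): flag identity deception in the From
# header. Trusted domains and sample messages below are constructed test data.
from email import message_from_string
from email.utils import parseaddr

# Constructed: partner domains this organization has a real sender history with.
TRUSTED_DOMAINS = {"westinghouse.example", "gridpartner.example"}

def normalize(domain: str) -> str:
    """Fold common lookalike substitutions (0->o, 1->l, rn->m, vv->w) so that a
    domain built from them compares equal to the brand it imitates."""
    folded = domain.lower().translate(str.maketrans("0135", "oles"))
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distinct domain within a couple of edits of a
    trusted one is a classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(raw_message: str) -> str:
    """Return 'trusted', 'lookalike', 'display-name-spoof' or 'unknown'."""
    display, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted) or edit_distance(domain, trusted) <= 2:
            return "lookalike"
    # Address is unrelated, but the display name claims a trusted brand.
    brands = {t.split(".")[0] for t in TRUSTED_DOMAINS}
    if any(brand in display.lower() for brand in brands):
        return "display-name-spoof"
    return "unknown"

# Constructed sample messages, one per outcome.
SAMPLES = {
    "trusted": "From: Grid Ops <alerts@gridpartner.example>\nSubject: Outage\n\nbody",
    "lookalike": "From: HR <hr@westinghouse.exarnple>\nSubject: Login required\n\nbody",
    "display-name-spoof": "From: Westinghouse IT <support@mail-secure.example>\nSubject: Reset\n\nbody",
    "unknown": "From: Bob <bob@other.example>\nSubject: Hi\n\nbody",
}

if __name__ == "__main__":
    for expected, raw in SAMPLES.items():
        print(f"{expected:20s} -> {classify_sender(raw)}")
```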

    As it stands now, Lloyd’s of London estimates that a single, coordinated phishing attack against power plants, utilities and other critical infrastructure could lead to $193 billion in losses worldwide. Which means energy and utility companies may find there’s plenty of incentive to deploy solutions to protect against state-sponsored phishing attacks — or risk getting zapped into major losses of their own.

    To learn more about how Agari Secure Email Cloud detects, defends against and deters phishing and other advanced email attacks, click here.

    Translated from: https://medium.com/@AgariInc/phishing-attacks-why-energy-companies-and-utilities-are-getting-zapped-2a1e840f4e78