Bob Gourley of Crucial Point provides context and commentary on cybersecurity threats and actions to mitigate threats and is frequently contexted to provide insights for journalists seeking expert insights. Gourley was featured in the Vox report on It’s not just elections: Russia hacked the US electric grid
The article gives very clear insights into the details of years long cyber espionage and cyber attacks to place malicious code in a wide variety of firms associated with the energy sector and does so in a way that is very understandable.
From the report:
To gain access to the power plant computers and internal networks, the hackers first attacked smaller, less secure companies — like ones that make parts for generators or sell software that power plant companies use, for instance.
The Russian hackers then repeated some of those same techniques again to gain access to the primary targets.
One way they did that was to send emails from a compromised account that the receiver trusted and had interacted with before, to get the person receiving the email to reveal confidential information. This is known as “spearphishing.” For example, if the email looks like it’s coming from Bob from marketing, then Alice will be more likely to open it, even if the email was actually sent by Eve from Russia.
Another method they used was “waterholing.” The hackers altered websites that people in the energy industry regularly visit, so that those websites could collect information, like logins and passwords, and relay them back to the hackers.
Some targeted users were induced to “download enticing word documents,” as the report phrases it, about control process systems (programs that watch other programs work, essentially). But those documents turned out to be more malicious than enticing. By opening them, the targets ran programs that gave hackers access to their computers.
After acquiring the logins needed to fool the computers into letting the attackers in, the intruders set up local administrator accounts (the kind with permissions to do things like install programs) and used them to place more malware in the networks. The code they used also contained steps to cover the intruders’ tracks, like automatically logging out of the administrator accounts every eight hours.
“The bad news is this attack used a lot of the old methods to get in,” says Bob Gourley, founder and chief technology officer of the tech consultancy firm Crucial Point and author of the book The Cyber Threat.
“Trickery, getting people to click on links, the other kind of social engineering, phishing to get a foothold somewhere, this was the same kind of basic attack pattern that’s been going on for a decade now,” Gourley says. “It was just better resourced and better targeted, and they had more focused intelligence.”
In the Vox story,
We also absolutely loved the last line of this report: “Intrusions like these still fall short of sabotage or war, but that doesn’t mean we have to like them.”
Are you in a company that serves the energy sector? Contact Us today for a free consultation and learn more about how to apply best practices to your business. We would also be glad to provide more information on our CISO-as-a-Service offering.