
Ransomware, snooping and attempted shutdowns: See what hackers did to these systems left unprotected online

January 23, 2020

Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks, including ransomware and cryptocurrency miners, and in some cases they’re actively looking to shut down or disrupt systems.


All of these incidents were spotted by researchers at cybersecurity company Trend Micro who built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target.

To help make the honeypot as convincing as possible, researchers linked the desktops, networks and servers to a false company they called MeTech and created a website detailing how the manufacturer served clients in high-tech sectors including defence and aerospace – popular targets for hacking.


The website even featured images and bios of people who supposedly worked for the false brand, with headshots generated by artificial intelligence in an effort to make the honeypot look as much like a legitimate company as possible.

Trend Micro launched the honeypot in May last year, purposefully setting it up with weaknesses like Virtual Network Computing (VNC) without access control, unsecured outward-facing remote desktop ports, and the same password used for workstations across the network.

To further entice potential hackers towards the exposed online systems, researchers ‘leaked’ information about vulnerabilities in the systems. And it wasn’t long before cyber criminals were attracted towards the MeTech honeypot and attempting to infiltrate it.

A few weeks after the honeypot went live, an attacker found their way into the network and installed cryptocurrency-mining malware in an effort to exploit the resources of the false factory to generate Bitcoin. Researchers note that this attacker repeatedly returned to the system to re-launch the miner over the course of the honeypot’s life.

As more cyber criminals and hackers discovered the honeypot – under the impression it was a fully operational industrial environment – researchers saw the attacks being deployed get more advanced.

A number of attackers performed reconnaissance on the network, likely in an effort to see what could be taken control of or to uncover sensitive data to steal. Some of these attackers even went so far as to enter commands to shut down systems, something that could have had a big impact in a real smart-factory environment. Shutdown attacks happened repeatedly over the lifetime of the honeypot.

By September, the honeypot was attracting large amounts of interest from malicious hackers and MeTech was targeted with a ransomware attack that allowed the researchers to monitor how such an incident unfolds.

This started with an attacker investigating the systems and conducting reconnaissance across the network in an effort to uncover what they were dealing with. Then, using remote desktop functions and access to TeamViewer, this attacker deployed a variant of Crysis ransomware onto the network, demanding $10,000 in Bitcoin to decrypt the network.

Under the guise of a MeTech employee, researchers actually went back and forth over email with the attacker – who eventually dropped the demand to $6,000. However, the ransom wasn’t paid, as once they were done communicating with the attacker, researchers reset the system, returning it to its original state.


But this wasn’t the only ransomware campaign that the honeypot attracted; in October, hackers once again snooped around the network before deploying Phobos ransomware, which was removed when the systems were reset.

Just weeks after this, the honeypot also attracted a much less sophisticated ransomware attack from a hacker who researchers at Trend Micro note “fumbled around our system trying to get a PowerShell command to work”.

This attacker eventually deployed a fake ransomware attack where they just changed the names of files and demanded a few hundred dollars to ‘decrypt’ the altered files via a note left on an altered desktop background. This attacker seemingly gave up a few days later, opening various adult websites on the browser before leaving the system.

Other hackers displayed more sophistication than this, taking time over scanning systems designed to look like they controlled industrial control systems, in one instance even gaining access to a workstation connected to what looked like MeTech’s robotic systems. In a real environment, this level of access could potentially lead to physical disruption of factory environments.

The honeypot was shut down in December after providing researchers with a taste of how cyber criminals operate in industrial and factory environments with common security vulnerabilities. And in this case, it was common cyber criminals, not nation-state-backed hacking groups, that were tampering with systems.


“Too often, discussion of cyberthreats to industrial control systems (ICS) has been confined to highly sophisticated, nation-state level attacks designed to sabotage key processes. While these do present a risk to Industry 4.0, our research proves that more commonplace threats are more likely,” said Greg Young, vice president of cybersecurity for Trend Micro.

“Owners of smaller factories and industrial plants should therefore not assume that criminals will leave them alone. A lack of basic protections can open the door to a relatively straightforward ransomware or cryptojacking attack that could have serious consequences for the bottom line,” he added.

In order to protect against cyber criminals and hackers, researchers recommend that industrial environments expose as few open ports to the internet as possible and that access control policies be tightened with unique and strong passwords for each system. Two-factor authentication can also help prevent attackers from gaining access to environments.

Security experts also recommend that systems are regularly updated with relevant security patches in order to ensure that cyber criminals can’t take advantage of known vulnerabilities to gain access to networks.
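
An added example, not from the article or from Trend Micro: a small audit that checks an asset inventory for the weaknesses the honeypot was deliberately given (internet-facing RDP and VNC, VNC without access control, one password reused across machines) and for remote access without two-factor authentication. The inventory, host names and field names are constructed for illustration.

```python
from collections import defaultdict

# Remote-access services the article names as exposed on the honeypot.
REMOTE_ACCESS = {3389: "RDP", 5900: "VNC"}

# Constructed inventory (not real hosts). "cred_id" is a hypothetical opaque
# fingerprint of the local admin credential, e.g. from a password vault export;
# "vnc_auth" is None where VNC is not installed.
INVENTORY = [
    {"host": "eng-ws1", "internet_ports": [3389], "vnc_auth": None,
     "cred_id": "c1", "two_factor": False},
    {"host": "hmi-1", "internet_ports": [5900], "vnc_auth": False,
     "cred_id": "c1", "two_factor": False},
    {"host": "file-srv", "internet_ports": [], "vnc_auth": None,
     "cred_id": "c1", "two_factor": False},
    {"host": "vpn-gw", "internet_ports": [443], "vnc_auth": None,
     "cred_id": "c2", "two_factor": True},
]

def audit(inventory):
    """Return sorted (host, finding) pairs for the weaknesses described above."""
    findings = set()
    hosts_by_cred = defaultdict(list)
    for asset in inventory:
        host = asset["host"]
        hosts_by_cred[asset["cred_id"]].append(host)
        exposed = [REMOTE_ACCESS[p] for p in asset["internet_ports"]
                   if p in REMOTE_ACCESS]
        for service in exposed:
            findings.add((host, f"{service} reachable from the internet"))
        if "VNC" in exposed and asset["vnc_auth"] is False:
            findings.add((host, "VNC has no access control"))
        if exposed and not asset["two_factor"]:
            findings.add((host, "remote access without two-factor authentication"))
    # One credential on several machines means one guessed password opens them all.
    for hosts in hosts_by_cred.values():
        if len(hosts) > 1:
            for host in hosts:
                others = ", ".join(h for h in hosts if h != host)
                findings.add((host, "password shared with " + others))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```
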


Credit: Zdnet
