http://www.eweek.com/c/a/Security/How-a-Phishing-Attack-Exposed-an-Energy-Company-to-Hackers-183328/

By Brian Prince
eWEEK.com
2009-09-08

In an interview with eWEEK, the Intrepidus Group reveals some of the details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems.

It began with an e-mail sent to an employee at an energy company, and ended with a security breach that exposed critical systems to outside control. It is an all too common scenario, and just one example of the types of threats targeting not only critical infrastructure but organizations generally.

The attack referenced above happened at the site of an energy company that Intrepidus Group is keeping anonymous. In a discussion with eWEEK, however, the security vendor outlined just how a malware attack broke into a critical network.

The attack began to unravel on April 3, 2007. That's when a fraudulent user account - complete with administrative privileges - was detected by the energy company. At that point, Intrepidus Group was called in to try to uncover exactly what had happened. Working backwards, the company traced everything to a phishing e-mail and a little bit of social engineering.

"What started off as a very strange attack where people couldn't understand why these random administrative accounts were being added in the internal network ended up being two and a half days later us realizing the primary domain controller in the system - which is the keys to the system really with all the passwords and user accounts - had been compromised with this zero-day attack," said Intrepidus CEO Rohyt Belani. "But the big thing that set off alarms... was that the attack had originated not from the outside big bad world but... from another machine inside their corporate network."

[...]
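The first indicator in the story above was administrative accounts appearing on the internal network, with the changes made from another internal host. The following Python is an added example, not code from the article or from Intrepidus Group: it reviews a constructed, simplified key=value export of Windows Security events for account creation and additions to privileged groups, and marks whether each change came from an assumed internal address range. The event IDs are the post-2008 Windows numbering, the field layout is an assumption (real exports differ), and the sample lines and the internal network list are constructed for illustration.

```python
"""
Flag account creation and privileged-group membership changes in a
simplified export of Windows Security events, and note whether each
change originated from an internal host. Added example; log format,
sample lines and network ranges are constructed/assumed, not real data.
"""
import ipaddress
import re
from typing import Dict, List

# Windows Security event IDs (Vista/2008 and later numbering):
# 4720 user account created; 4728 member added to a global group;
# 4732 member added to a local group. Windows 2003-era equivalents
# were 624/632/636 if the export is from an older domain controller.
ACCOUNT_CREATED = {"4720"}
GROUP_ADDED = {"4728", "4732"}

# Groups whose membership changes should always be reviewed.
PRIVILEGED_GROUPS = {"Domain Admins", "Administrators",
                     "Enterprise Admins", "Schema Admins"}

# Assumed corporate address space (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export: one event per line as "Key=Value" pairs.
SAMPLE_LOG = """\
EventID=4720 Subject=CORP\\jsmith Target=CORP\\svc_backup Source=10.1.4.22
EventID=4728 Subject=CORP\\jsmith Target=CORP\\svc_backup Group=Domain Admins Source=10.1.4.22
EventID=4720 Subject=CORP\\helpdesk Target=CORP\\newhire Source=10.1.9.7
EventID=4732 Subject=CORP\\helpdesk Target=CORP\\newhire Group=Remote Desktop Users Source=10.1.9.7
EventID=4728 Subject=CORP\\Administrator Target=CORP\\tmpadm Group=Domain Admins Source=203.0.113.5
"""

# Lazy value match that stops at the next " Key=" or at end of line,
# so values containing spaces (group names) survive.
_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|\s*$)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one 'Key=Value Key=Value' line into a dict."""
    return {m.group(1): m.group(2) for m in _FIELD.finditer(line)}


def is_internal(addr: str) -> bool:
    """True if addr falls inside the assumed corporate ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def review_events(log_text: str) -> List[dict]:
    """Return one finding per account creation or privileged-group add."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid in ACCOUNT_CREATED:
            severity, reason = "info", "account created"
        elif eid in GROUP_ADDED and ev.get("Group") in PRIVILEGED_GROUPS:
            severity, reason = "high", f"added to privileged group {ev['Group']}"
        else:
            continue
        findings.append({
            "severity": severity,
            "target": ev.get("Target"),
            "actor": ev.get("Subject"),
            "source": ev.get("Source"),
            "internal_origin": is_internal(ev.get("Source", "")),
            "reason": reason,
        })
    return findings


def new_privileged_accounts(findings: List[dict]) -> List[str]:
    """Accounts that were both created and placed in a privileged group
    within the reviewed window: the 'fraudulent admin account' pattern."""
    created = {f["target"] for f in findings if f["reason"] == "account created"}
    return sorted({f["target"] for f in findings
                   if f["severity"] == "high" and f["target"] in created})


if __name__ == "__main__":
    results = review_events(SAMPLE_LOG)
    for f in results:
        origin = "internal" if f["internal_origin"] else "external"
        print(f"[{f['severity']}] {f['target']} {f['reason']} "
              f"by {f['actor']} from {f['source']} ({origin})")
    print("new privileged accounts:", new_privileged_accounts(results))
```

The two signals worth acting on are the same ones the incident responders describe: a freshly created account that lands in Domain Admins, and privileged changes whose source address is a workstation inside the network rather than a known administrative host. The group-add events are rated higher than plain account creation because the latter is routine for a help desk; the correlation in new_privileged_accounts is what separates a new hire from a planted administrator.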
________________________________________
Please Donate to the Ron Santo Walk to Cure Diabetes with Ethan's Crew!
http://www.c4i.org/ethan.html

Received on Tue Sep 08 2009 - 22:15:12 PDT