[ISN] How a Phishing Attack Exposed an Energy Company to Hackers

From: InfoSec News <alerts_at_private>
Date: Wed, 9 Sep 2009 00:15:12 -0500 (CDT)
http://www.eweek.com/c/a/Security/How-a-Phishing-Attack-Exposed-an-Energy-Company-to-Hackers-183328/

By Brian Prince
eWEEK.com
2009-09-08

In an interview with eWEEK, the Intrepidus Group reveals some of the 
details behind a malware attack that exposed critical systems at an 
energy company. Using a Microsoft zero-day vulnerability and a bit of 
social engineering, hackers compromised a workstation and threatened 
critical SCADA systems.

It began with an e-mail sent to an employee at an energy company, and 
ended with a security breach that exposed critical systems to outside 
control.

It is an all too common scenario, and one just one example of the types 
of threats targeting not only critical infrastructure but organizations 
generally. The attack referenced above happened at the site of an energy 
company Intrepidus Group is keeping anonymous. In a discussion with 
eWEEK however, the security vendor outlined just how a malware attack 
broke into a critical network.

The attack began to unravel April 3, 2007. That's when a fraudulent user 
account - complete with administrative privileges - was detected by the 
energy company. At that point, Intrepidus Group was called in to try to 
uncover what exactly happened. Working backwards, the company traced 
everything back to a phishing e-mail and a little bit of social 
engineering.

"What started off as a very strange attack where people couldn't 
understand why these random administrative accounts were being added in 
the internal network ended up being two and a half days later us 
realizing the primary domain controller in the system - which is the 
keys to the system really with all the passwords and user accounts - had 
been compromised with this zero-day attack," said Intrepidus CEO Rohyt 
Belani. "But the big thing that set off alarms... was that the attack 
had originated not from the outside big bad world but... from another 
machine inside their corporate network."

[...]


________________________________________
Please Donate to the Ron Santo Walk to 
Cure Diabetes with Ethan's Crew!
http://www.c4i.org/ethan.html
Received on Tue Sep 08 2009 - 22:15:12 PDT

This archive was generated by hypermail 2.2.0 : Tue Sep 08 2009 - 22:22:29 PDT