Monday, January 16, 2023

Cybercriminals are Hiring Felons to Launch a Two-way attack on Critical Infrastructure

Multiple substations in the United States suffered vandalism, shootings, and attacks at the hands of criminals who confessed to doing so for financial motives. Besides heavy financial losses, attacks on critical infrastructure can delay services. Cyble Research & Intelligence Labs noted that cybercriminals are luring felons into the world of cybercrime with monetary incentives. By training the felons, gangs and groups may gain an equipped team that can both physically attack a facility and launch a cyberattack using vulnerabilities.

About the attack on the energy substations

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/01/Figure-1-%E2%80%93-Lookout-Notice-released-by-FBI-.png?w=935&ssl=1


Lookout notice by the FBI (Source: Cyble)

Matthew Greenwood, 32, and Jeremy Crahan, 40, were apprehended in January for vandalizing four electrical substations on December 25, 2022. The attack left over 10,000 users without power and led to heavy financial costs in repairing and restoring the infrastructure. The attack on critical infrastructure in Washington state has yet again led researchers and legal authorities to work on and question the security measures. Depending upon the charges, the attackers may face imprisonment for 20 years, and 10 years for the possession of a firearm.

Cyberattacks aimed at critical infrastructure

Cyble researchers observed some online activity of the kind that typically precedes synchronized attacks on national critical infrastructure. Various underground forums turned to trading zero-day exploits for Mercury-based physical access control (PAC) devices, as shown below:

https://i0.wp.com/blog.cyble.com/wp-content/uploads/2023/01/Figure-2-Claim-made-by-TA-over-Darkweb.png?w=1507&ssl=1

(Source: Cyble)

This was seen on December 14, 2022, a day before the attack on Washington’s critical infrastructure. Moreover, critical flaws were also found in building access control systems. Vulnerabilities are an open window through which cybercriminals can reach and breach systems, after which critical information gets sold on the dark and deep web.

PAC systems used in critical facilities

Mercury-based physical access control systems provide security using Mercury controllers at physical locations. Through a network of door controllers, central management systems, and access points, security agents monitor and configure the controllers. The system authorizes access via biometrics, fobs, or keycards.

Threat to the physical world from the online one

With both physical and online security tools being eyed by cybercriminals, it is doubly important to monitor both together to thwart criminal attempts. Researchers are looking into a potential ‘darkverse’ for criminal activities in the metaverse. It may turn the metaverse into a ‘metaworse’, where NFTs, having become a metaverse commodity, may be targeted by phishing and ransomware attacks.

The darkverse may become the go-to place for criminals because its stealthy existence makes it difficult to monitor. It may turn into a hub for money laundering, spying on users on the metaverse, and fake propaganda to target the more vulnerable users.

Researchers are urging security watchdogs to work toward a robust infrastructure to help build monitoring facilities in and around the metaverse. With clear proof available of whom one is interacting with on the metaverse, crime on the potential darkverse can be deterred. Moreover, having a set of privacy policies and an authority to oversee what goes into it is a must as more activities get started on it.

Physical threats from cybersecurity situations

There is a need for several vigilantes on the deep web, which accumulates nearly 96% of online information. It is not publicly accessible, nor is its data indexed by search engines to be shown in search results. Hence, cybercrime gets a hidden deck to play on, away from the eyes of the regular population and guardians of national security.

Physical threats to critical infrastructure, and other threats that use the data sold or placed on the deep web, need regular, real-time and continuous monitoring to see who interacts with whom and what was shared between them. This is what will create clarity in investigations, besides perusing forms and dates that are open to the naked eye on the surface, which forms only about 4% of the overall global online data.

https://thecyberexpress.com/cease-and-desist-critical-infrastructure-attacks/
