BleepingComputer, a renowned information security and technology news publication, recently reported on a number of highly targeted attacks on the industrial sector in which a malicious payload was hidden inside images.
According to the article, victims in multiple countries (Japan, the U.K., Germany, Italy) were identified, some of which supply equipment and software solutions to industrial enterprises.
The actors in these incidents used public image hosting services to evade network traffic scanners and control tools that would otherwise flag the malicious download.
Behind the news
A newly discovered campaign against hardware and software suppliers to industrial enterprises again sheds light on the cyber risk originating from enterprises’ supply chains and partners. This threat has been increasing steadily, particularly over the past few months.
Kaspersky ICS CERT analysis has exposed the use of steganography (the technique of hiding secret data within an ordinary file or message, to be extracted at its destination) to avoid detection by security tools. The analysis stated that the attackers’ ultimate goal was, at minimum, stealing credentials.
Many sources speculate that these attacks were state-sponsored.
Such attacks may serve a number of purposes:
The Takeaway
The slew of attacks described above yet again demonstrates that it is imperative that stakeholders in industrial enterprise cyber security (CISO, OT security manager, Chief Risk Officer) manage their organization’s cyber risk properly, validate the security posture of suppliers, monitor third-party network access, and deploy threat detection tools at the production lines to alert on possible exploits.