Cyber Security Smoke and Mirrors: An Update on Russian Hacking Group Sandworm

By: Olivia

November 19, 2017

In a time when news media and social media capture so much of our attention and, by extension, help to form so many of our opinions, it is not surprising that press coverage of the hackers who tampered with the elections using those mediums has been on an almost constant loop. For some, the news is shocking; for others, less so. For many, it inspires outrage and fear.

But perhaps what is most frightening is what has been going on while we have given so much of our time to the election news. This is what I've been calling cyber security smoke and mirrors: the happenings that are not so publicized but are just as dangerous as, if not more dangerous than, the election tampering carried out by the Russians.

Election and public opinion tampering is only the first piece in a very complex puzzle. It primes the world for mass disruption and surprise. With countries questioning their leaders and their policies, it makes way for a disaster that hinges on our reactions, and, if things came to the point where we entered cyber warfare, the enemy would already be steps ahead.

What I'm referencing is an attack on operational technology (OT): the hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as valves, pumps, etc. More specifically, this translates to power grids, transportation systems, financial institutions, and manufacturing plants.

"This is nothing new or surprising in military and intelligence circles where such 'cyber Armageddon' scenarios have been discussed for decades," writes, "However, a series of recent disclosures pulls back the curtain on the extent to which Russia, Iran, and North Korea, in particular, have begun to proactively probe and infiltrate OT networks."

OT networks are especially vulnerable because they were originally designed to operate separately from IT networks, but, as we know with technology, the two rapidly came to converge.

"In a recent vulnerability test, RedTeam Security was able to penetrate a US power grid, both online and offline, within a three day window," reports, "A quick Google search of cybersecurity and the energy sector will return thousands of results discussing how the industrial control system (ICS) security environment is in dire straits."

Recently, the hack of Ukraine's power grid and the attempted hack of a NY dam have brought more awareness to these issues, but they have still not been given the full attention they deserve, and many are still blind to the dangers.

The Russian hacking group 'Sandworm' is believed to be responsible for attacks on Ukrainian electric utilities in 2015 and 2016 that cut off power to hundreds of thousands of people, making it the only group thus far known to have caused a real-world blackout. Cybersecurity researchers, including those at FireEye and ESET, have noted that the recent NotPetya ransomware epidemic that "crippled thousands of networks in Ukraine and around the world matches Sandworm's history of infecting victims with 'fake' ransomware that offers no real option to decrypt their files."

Additionally, FireEye has tied the group to a series of intrusions on American energy utilities discovered in 2014, which were infected with the same BlackEnergy malware 'Sandworm' used in its Ukraine attacks.

Pieces of the puzzle may be starting to fit together after all. But what do we do? What can we do? There are no easy answers, and these are certainly not problems that can be solved overnight.

At Cybrary, we believe that staying informed on the latest happenings in cyber security news is critical for every professional, regardless of their stage in the workforce. In this especially chaotic time, we must remain educated and we must remain vigilant.

Protecting our critical infrastructure starts with training professionals in the skills they need to be capable and efficient workers, but it also comes from general awareness of the issue at hand. We need to lock down our industrial controls. We need more cyber warriors to join the fight.