The NCCIC has released Technical Alert 18-276A about Advanced Persistent Threat (APT) actors stealing the access credentials of one organization in order to target another another entity the first organization has a trusted relationship with. Using the stolen credentials, the APT actors can act the part of a legitimate partner to the target organization, which may be a parent company, a connected partner, or a contracted managed service provider. They can subsequently expand the degree of their unauthorized access, maintain persistence, exfiltrate data, and conduct other operations, all while appearing to be authorized users. This tactic was among those used by Russian government threat actors to exploit U.S. critical infrastructure, which specifically included the water and wastewater sector, as was detailed in NCCIC Tehnical Alert 18-074 (“Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors”). This latest technical alert breaks down the tactics used by the APT actors and for each, lists a series of measures to prevent or mitigate these activities. NCCIC/US-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!