Security Experts:

Critical Manufacturing Firm Hit by Sophisticated Threat Actors: DHS

Several sophisticated threat groups have breached the systems of a major critical manufacturing company, the Department of Homeland Security (DHS) revealed last week in a report.

According to the report, which summarizes the Industrial Control Systems Cyber Emergency Response Team's (ICS-CERT) activities in the second quarter of 2014, the attackers had access to the unnamed manufacturing organization's networks for several months.

2014 ICS Cyber Security Conference
Register for the 2014 ICS Cyber Security Conference!

ICS-CERT's investigation uncovered a large number of compromised hosts, and lateral movement of the intruders throughout the network.  

"This organization is a conglomeration of multiple companies acquired in recent years. The acquisition and subsequent merging of multiple networks introduced latent weaknesses in network management and visibility, which allowed lateral movement from intruders to go largely undetected," the report reads.

The organization has more than 100 entry and exit points connected to the Internet, which makes securing the perimeter a challenging task. In addition, the attackers had managed to gain privileged access to systems by leveraging compromised domain accounts.

"In this situation, re-architecting the network is the best approach to ensure that the company has a consistent security posture across its wide enterprise," ICS-CERT said.

The report also focuses on the Havex RAT, which has been used recently in cyber espionage operations aimed at industrial control systems.

"Various reports have indicated that organizations in the energy, manufacturing, pharmaceutical and information technology sectors are among those targeted by this campaign. However, drawing conclusions about the specific intent of targeting is not well understood as all victims have not been identified. While the specific target and motive of the campaign is unclear, the situation elevates the presence of a new and potentially evolving threat against industries operating critical infrastructure," ICS-CERT said.

A study published this summer revealed that 70% of critical infrastructure organizations had suffered at least one security breach that either led to the disruption of operations or the loss of confidential information.

The DHS has been actively involved in the protection of critical infrastructure, but the agency has also made some mistakes that could have had serious consequences. In July, in response to a freedom of information act (FOIA) request, the DHS mistakenly released 840 pages of documents containing details on potentially vulnerable critical infrastructure points across the U.S.

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.