Homeland Security Issues Warning on Cyberattack Campaign
Tuesday, May 9, 2017
Posted by: Mary Mack
Extract from Marianne Kolbasuk McGee's article "Homeland Security Issues Warning on Cyberattack Campaign"
"The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems.
The alert notes that DHS' National Cybersecurity and Communications Integration Center "has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications and critical manufacturing."
Mac McMillan, president of the security consulting firm CynergisTek, says the threat is serious. "These attacks could lead to full network compromise, long-term undetected attacks, and compromise/exploitation of systems and data, essentially putting both operations and patient safety at risk," he says.
The April 27 alert, which was updated on May 2, says preliminary analysis has found that threat actors appear to be leveraging stolen administrative credentials - local and domain - and certificates.
"Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments," the alert notes. "Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools."
Read the full article here