Financial services institutions and manufacturers linked to various supply chains should prepare for targeted cyberattacks from APT groups. In the last 48 hours we have seen a significant increase in reconnaissance attacks on companies in these sectors, indicating the mobilization of APT groups, sub-APT groups and independent hackers.
Here are the top trends we recorded in our global honeypots over the weekend:
- All honeypots saw an increase in inbound cyberattacks
- 13 honeypots in Europe across Finland, Germany, Estonia and Lithuania saw the highest increase in cyberattacks
- Most of the attacks come from western Russia (it is difficult to determine the exact geographical location because the epicenter keeps moving)
- Targets include payment infrastructure, ecosystems of connected devices across workshops, supply chains and industrial control systems
- Most attacks aim to create large-scale disruption of supply chains as well as financial systems to keep regional CERT teams busy
As we enter March 2022, the potential for a major cyberattack occurring in various parts of the world has increased exponentially. As we predicted in the 2022 IoT and OT Threat Landscape and Assessment Report, we expect to see a massive spike this week in cyberattacks on manufacturing entities and financial institutions, in the same way as on oil storage and transportation infrastructure.
We are seeing a phase of heightened adversarial activity across the surface and dark web with over 5 major APT groups working in tandem across 3 continents. All this translates into the need to immediately strengthen internal and external security measures.
Sectrio advises financial services and manufacturing companies to immediately adopt the following measures:
- Perform a comprehensive audit of their entire digital footprint with a focus on IoT and OT infrastructure, including the devices and networks that connect to it.
- Deploy multi-factor authentication (MFA) and reduce access and other privileges on infrastructure for the next 20 days
- If vendors are permitted to enter digital perimeters or beyond, such access should be monitored or restricted
- Advise employees to avoid opening suspicious emails and delete spam
- Attackers are also expected to send employees spoofed links via SMS asking them to revalidate their login credentials. Instruct employees not to comply and to report such cases
- Segment networks where possible to gain greater visibility and operational control
- Industrial control systems and SCADA systems should be monitored and checked for any unusual network activity
- A sudden or even diffuse spike in data consumption among IoT devices could indicate a potential cyberattack and should be addressed immediately
- Limit BYOD access, if possible
- Attackers will try to use reply-chain phishing (hijacking existing email threads) on previously compromised networks. In the event of suspicious communication activity, employees should be instructed to verify with the sender through a phone call or another channel other than email, and to forward such emails for investigation.
- Senior management could be targeted via LinkedIn or other social media platforms
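The two monitoring items in the list above (unusual ICS/SCADA network activity and a sudden or diffuse spike in IoT data consumption) can be turned into a concrete check. The following is an added example, not Sectrio's code or that of any tool the post describes. It assumes a hypothetical telemetry export with one `<interval> <device> <bytes>` line per device per time bucket (the sample lines are constructed), and compares the latest interval against a robust median/MAD baseline twice: per device, to catch a sudden spike on one device, and across the remaining quiet devices, to catch a diffuse rise that no single device explains.

```python
"""Per-device and fleet-wide traffic spike detection over constructed sample data."""
from collections import defaultdict
from statistics import median

# Constructed sample telemetry (not real captures): "<interval> <device> <bytes>".
# Intervals t0..t3 form the baseline; t4 is the interval under evaluation.
BASELINE = """\
t0 plc-01 100
t0 plc-02 200
t0 plc-03 50
t0 cam-01 1000
t1 plc-01 110
t1 plc-02 210
t1 plc-03 55
t1 cam-01 1050
t2 plc-01 95
t2 plc-02 190
t2 plc-03 45
t2 cam-01 980
t3 plc-01 105
t3 plc-02 205
t3 plc-03 50
t3 cam-01 1020
"""

# One device (plc-01) suddenly moves ~9x its usual volume; the rest are normal.
SAMPLE_SINGLE_SPIKE = BASELINE + "t4 plc-01 900\nt4 plc-02 200\nt4 plc-03 52\nt4 cam-01 1010\n"

# Every device rises modestly (~15-18%): no single device trips its own threshold,
# but the fleet total does, which is the "diffuse" case the advisory mentions.
SAMPLE_DIFFUSE = BASELINE + "t4 plc-01 118\nt4 plc-02 238\nt4 plc-03 58\nt4 cam-01 1180\n"


def parse_log(text):
    """Parse telemetry lines into {interval: {device: bytes}}, summing duplicates."""
    buckets = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        interval, device, nbytes = line.split()
        buckets[interval][device] += int(nbytes)
    return {i: dict(d) for i, d in buckets.items()}


def spike_threshold(baseline, k=5.0, rel_floor=0.25):
    """Median + max(k * MAD, rel_floor * median).

    MAD (median absolute deviation) is insensitive to a single odd baseline
    interval; the relative floor stops a near-constant baseline (MAD close
    to zero) from flagging every small fluctuation as a spike.
    """
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    return med + max(k * mad, rel_floor * med)


def detect_spikes(buckets, k=5.0, device_floor=0.25, fleet_floor=0.10):
    """Flag devices whose latest volume exceeds their own baseline, then check
    whether the remaining (unflagged) devices together still exceed the fleet
    baseline, which indicates a diffuse rise rather than one noisy device."""
    intervals = sorted(buckets)
    if len(intervals) < 3:
        raise ValueError("need at least two baseline intervals plus the one under test")
    *history, latest = intervals
    devices = sorted(set().union(*(buckets[i].keys() for i in intervals)))

    per_device = {}
    for dev in devices:
        series = [buckets[i].get(dev, 0) for i in history]
        now = buckets[latest].get(dev, 0)
        thr = spike_threshold(series, k, device_floor)
        if now > thr:
            per_device[dev] = {"observed": now, "threshold": round(thr, 1)}

    # Fleet check over devices that did not spike individually, so a single
    # loud device does not masquerade as a fleet-wide event.
    quiet = [d for d in devices if d not in per_device]
    fleet_series = [sum(buckets[i].get(d, 0) for d in quiet) for i in history]
    fleet_now = sum(buckets[latest].get(d, 0) for d in quiet)
    diffuse = bool(quiet) and fleet_now > spike_threshold(fleet_series, k, fleet_floor)
    return {"interval": latest, "device_spikes": per_device, "diffuse_spike": diffuse}


if __name__ == "__main__":
    for name, sample in (("single", SAMPLE_SINGLE_SPIKE), ("diffuse", SAMPLE_DIFFUSE)):
        print(name, detect_spikes(parse_log(sample)))
```

The thresholds (`k`, `device_floor`, `fleet_floor`) are starting points, not tuned values; on a real shop-floor network they should be set from a few weeks of quiet baseline so that scheduled firmware pulls and backups do not page the on-call team.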
Finally, we advise all companies in all industries to conduct an immediate review of their cybersecurity posture.
*** This is a syndicated blog from Sectrio's Security Bloggers Network written by Prayukth K V.