Sunday Dec 29, 2024
Friday, 18 March 2016 00:00 - - {{hitsCtrl.values.hits}}
Steve Ledzian, Director of Engineering SEA at FireEye, shared the story of the cyber-attack at the Ukraine power grid and brought it to life for the audience at CIO Forum.
Likening it to a movie, the Ukraine power grid attack in December 2015 was played out scene-by-scene, mapping to the multiple stages of a malicious attack lifecycle of an advanced threat actor.
Delivered via a spear-phishing attack that sent emails with malicious Microsoft Office attachments, the malware called BlackEnergy3 enabled the cyber attackers to ultimately harvest legitimate credentials of power station employees. These credentials were then used covertly to access and study the operations of the power grid.
By altering the firmware used in the serial-to-Ethernet converters sitting between the networks and the industrial control systems, the attackers launched a “coordinated” attack that left thousands of Ukrainian families sitting helplessly in the cold freezing winter for hours.
Ledzian mentioned that an effective APT solution should be able to address the ‘whom’ behind the attack and not just focused on the malware, as these attacks are usually professional and well-funded, sometimes even nation-state sponsored.
A demonstration of the GhostRAT, a remote administrative tool widely available, showed how easy it is today for an organisation to be compromised – by just doing your job, reading legitimate looking documents.
«Such sophisticated malware require a high efficacy and effective defensive solution for detection and prevention, and FireEye is here with our partners, eCyberSec Security Consulting and NGXESS Ltd., to work with you to respond to these threats and put a security framework in place,” commented Ledzian.
This complemented remarks from Keynote Speaker Jayantha Fernando, Legal Counsel of ICTA, that the time is right for companies like FireEye to work with Sri Lankan policy and businesses to leapfrog Sri Lanka›s security posture. Today, Sri Lanka is the first country in South Asia, and only second in Asia after Japan to have joined the Budapest Convention on Cybercrime.
Participants attended the event from numerous enterprises, including telcos, financial institutions, insurance companies, conglomerates and enterprises.
FireEye, a globally-renowned, US-based cyber security company, has spent the week discussing with Sri Lankan businesses about the risks of advanced cyber-attacks and how organisations can defend themselves.
FireEye focuses on stopping advanced attacks such as malware, zero-day exploits, and APT tactics, leveraging on a platform that carries a virtual execution signature-less engine. Through this solution, the company›s strategy is to supplement traditional and next-generation firewalls, IPS, anti-virus, and gateways, to enhance its security against attacks on e-mail, web, and even file sharing vectors.
FireEye has a growing base of customers today in all industry segment and enterprises.