Pipedream Malware is the latest cyber threat

Two decades ago it was a tie between Al-Qaeda and Saddam Hussein, with his weapons of mass destruction, as to which was the largest threat to the United States. If anyone had suggested back then that the largest threat facing the United States twenty years later would come from the internet, they would have been laughed at. No one is laughing now.

Cyberattack technologies originating from China account for the largest number of attacks aimed at targeted victims, and for the vast majority of malicious software currently in use. Russian-based technologies, however, account for the largest share of widespread cyberattacks. Iranian-based cyber technologies have specifically targeted the defense industry and the government.

Disrupting elections, taking down an electrical grid ahead of a ground invasion, and spreading propaganda to incite rioting and coups are just some of the ways in which cyberattack technologies can be used against the United States. INDUSTROYER2, STUXNET, HAVEX, BLACKENERGY2, CRASHOVERRIDE, and TRISIS have changed the nature of warfare globally. China, North Korea, Iran, and Russia all possess the skills and resources to execute a cyberattack against the US.

Smaller nation states and non-state actors will disrupt regional infrastructure with targeted attacks against a specific sector. The healthcare and financial industries have been the most frequent victims of cyberattacks.

The most important action Congress can take is to set a cybersecurity standard and launch an awareness campaign to promote it. This must be followed through by empowering the Cybersecurity Czar to hold agencies accountable.

Largest Threat to Critical Infrastructure: Cyberattack Technologies

Cyberattacks are the top-priority threat to the United States. They are happening more often, affecting more systems, becoming more sophisticated, and causing more harm. The Department of Energy (DOE), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory (CSA) to warn that certain advanced persistent threat (APT) actors have exhibited the capability to gain full system access to multiple industrial control system (ICS)/supervisory control and data acquisition (SCADA) devices. https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

The nature of these cyberattacks is changing. Unlike earlier attacks, which aimed to destroy information, current attacks are designed to gain access to it. The likelihood of a single catastrophic attack is small, but the threat of many small-scale attacks is increasing.

Pipedream

The Pipedream malware tools have a modular architecture and enable hackers to conduct highly automated exploits against America’s critical infrastructure. The report said the malware could be used to shut down critical machinery, sabotage industrial processes, and disable safety controllers, leading to the physical destruction of machinery and potentially to the loss of human lives. It compared the tools to Triton, malware traced to a Russian government research institute that targeted critical safety systems and twice forced the emergency shutdown of a Saudi oil refinery in 2017, and to Industroyer, the malware that Russian military hackers used the previous year to trigger a power outage in Ukraine. https://apnews.com/article/technology-business-north-america-malware-300f886c2757a9e6bd96f1ee20a8f5db

The hackers can leverage the modules to scan for targeted devices, conduct reconnaissance on device details, upload malicious configuration/code to the targeted device, back up or restore device contents, and modify device parameters. https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

In addition, the hackers can use a tool that installs a known-vulnerable ASRock-signed motherboard driver, AsrDrv103.sys, and exploits CVE-2020-15368 in it to execute malicious code in the Windows kernel. Successful deployment of this tool can allow APT actors to move laterally within an IT or OT environment and disrupt critical devices or functions.
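As an added defender-side check, not taken from the page or the advisory: a Python script that scans `driverquery /v /fo csv` output for the AsrDrv103.sys driver named above. The sample rows are constructed, and the column names assume driverquery's CSV layout.

```python
import csv
import io
import subprocess

# Driver named in CISA advisory AA22-103A as the CVE-2020-15368 target. Extend
# this set from your own vulnerable-driver inventory; only this name is from the page.
KNOWN_VULNERABLE_DRIVERS = {"asrdrv103.sys"}

# Constructed sample in the layout of `driverquery /v /fo csv` (columns trimmed
# to the ones this check reads). It is not output captured from a real host.
SAMPLE_DRIVERQUERY_CSV = """\
"Module Name","Display Name","Driver Type","Start Mode","State","Path"
"ACPI","Microsoft ACPI Driver","Kernel","Boot","Running","C:\\Windows\\system32\\drivers\\ACPI.sys"
"AsrDrv103","AsrDrv103","Kernel","Demand","Running","C:\\Windows\\Temp\\AsrDrv103.sys"
"tcpip","TCP/IP Protocol Driver","Kernel","Boot","Running","C:\\Windows\\system32\\drivers\\tcpip.sys"
"""


def find_vulnerable_drivers(csv_text, vulnerable=KNOWN_VULNERABLE_DRIVERS):
    """Return one dict per driver row whose service name or image file matches
    a known-vulnerable driver. Matching is case-insensitive on both the
    'Module Name' column (service name, no extension) and the image file name
    taken from 'Path', because an installed copy can be registered under either."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        module = (row.get("Module Name") or "").strip()
        path = (row.get("Path") or "").strip()
        image = path.rsplit("\\", 1)[-1].lower()
        for name in vulnerable:
            stem = name[:-4] if name.endswith(".sys") else name
            if module.lower() == stem or image == name:
                hits.append({
                    "module": module,
                    "path": path,
                    "state": (row.get("State") or "").strip(),
                    # A vulnerable driver loaded from outside the drivers
                    # directory (e.g. a temp folder) is a stronger signal
                    # of staging than a vendor-installed copy.
                    "path_outside_drivers_dir": "\\system32\\drivers\\" not in path.lower(),
                })
                break
    return hits


def find_on_this_host():
    """Run driverquery on the local Windows host and scan its output
    (assumes Windows; column names are those driverquery emits)."""
    out = subprocess.run(["driverquery", "/v", "/fo", "csv"],
                         capture_output=True, text=True, check=True).stdout
    return find_vulnerable_drivers(out)


if __name__ == "__main__":
    for hit in find_vulnerable_drivers(SAMPLE_DRIVERQUERY_CSV):
        print(hit)
```

A name match is only a starting point; confirm a hit by hashing the image file and comparing it against the indicators published in the advisory, since a renamed copy of the driver will not match on name alone.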

According to Dragos, the malware was “designed to be a framework to go after lots of different types of industries and be leveraged multiple times. Based on the configuration of it, the initial targets would be liquid natural gas and electric in North America.” https://www.worldpipelines.com/business-news/14042022/dragos-discovers-new-malware-pipedream/
