An Elevate Cyberattack Surface Threatens Nuclear Facilities

Category: Critical Infrastructure Security | Industry: Energy | Level: Strategic | Source: Cyble

Hostile cyber activity has increased significantly as all manner of cybercriminals have used the Russia and Ukraine war to widen their attack surface. Threats to critical infrastructure organizations continue to rise with threat actors looking to disrupt the ecosystem and steal sensitive data. Research from Cyble Research & Intelligence Labs (CRIL) have noticed a particular concern in attacks against the nuclear energy sector. From Cyble, "Even though Nuclear Facilities are intended to be air-gapped, misconfigured networks, exposed assets, and vulnerable IT/OT devices with network and social engineering attacks can be considered critical elements when launching cyber-attacks. Also, considering a large amount of confidential data and Personal Identifiable Information (PII) of critical sector organizations and employees working in Nuclear Facilities has been leaked on cybercrime forums. Hence, launching a successful cyberattack on these facilities might become more prevalent." Based on cyber forum posts since February 2022, nuclear facilities located in Russia, Taiwan, Brazil, Indonesia, Iran, Thailand, India, and South Africa have all been impacted by a data breach. Threat actors have made off with a treasure trove of highly important and sensitive documents including source code, supply chain-related documents, blueprints, diagrams, financial reports, organizational plans, personally identifiable information (PII), and credentials. The exposure of the compromised data provides a springboard to other attacks for cybercriminals able to craft new exploits known as the technology and firmware used by targeted organizations. Of course, compromised credentials can easily be used as well to initiate attacks.

‍