Russian hackers have been probing—and gaining access to—critical U.S. infrastructure organizations like electric utilities. But how?
Aren’t these supposed to be among the most protected assets in the entire country? Certainly the dangers of any compromise of the electric grid are scary to contemplate. So it’s worth understanding the ways in which hackers exploit both technical vulnerabilities and human behavior to gain illicit access.
A new report by cybersecurity firm Cybereason reveals some of the methods that hackers have been using to break into these holy grails of our national industrial infrastructure.
The firm established a “honeypot” site—a fake website made to resemble a large electricity provider—and then sat back and watched what happened.
They didn’t sit around for long.
“Just two days after the honeypot went live, attackers had discovered it, prepared the asset for sale on the dark Web and sold it to another criminal entity who was also interested in [industrial control system] environments,” according to the report.