Cyber Primer

Recommendations

Info

Integrating cyber operations Case study 3 – Alleged cyber attack against a state’s critical national infrastructure Cyber attack against Ukrainian critical national infrastructure Who Although the United States’ Department of Homeland Security, who conducted the analysis, did not name any group or nation as being responsible for causing the power cuts, independent analysts have linked the spear-phishing attack to Russia – iSight Partners, a United States security firm, said the probable culprit was the so-called ‘Sandworm Team’, a Russian hacking group it has been tracking for more than a year. What Cyber attack against three Ukrainian regional electric power distribution companies (Oblenergos) that cut power to 225,000 people in Ukraine. The attack is thought to be the first known successful cyber attack aimed at critical national infrastructure. How A report written by the cyber emergency response team in the Industrial Control Systems arm of the Department of Homeland Security said the attack had several stages and initially involved hackers installing malware on computer systems at power generation firms in Ukraine, probably facilitated by a spear-fishing email sent to an employee. The cyber attack was reportedly synchronised and coordinated across the three locations, probably following extensive reconnaissance of the target networks. According to company personnel, the cyber attacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities. During the cyber attacks, malicious remote operation of the breakers was conducted by multiple external individuals using either existing remote administration tools at the operating system level or remote industrial control system (ICS) client software via virtual private network (VPN) connections. The companies believe that the actors acquired legitimate credentials prior to the cyber attack to facilitate remote access. While the power was cut, the attackers also bombarded customer service phone lines with fake calls to stop customers reporting the cut. 80 Cyber Primer (2nd Edition)
Integrating cyber operations Cyber attack against Ukrainian critical national infrastructure How (continued) The attack was more alarming than a simple malware infection that allowed remote access as the widespread disruption of services was caused by power outages at three different regional electric power distribution companies. Note: Details of the attack were based entirely on interviews with staff at Ukrainian organisations that dealt with the aftermath of the attack. The Department for Homeland Security Cyber-Response Team was unable to independently review technical evidence. Against whom Why Three Ukrainian regional electric power distribution companies (Oblenergos). Crimea, the region annexed from Ukraine by Russia, has suffered repeated power cuts since Russia seized the territory in March last year. Russia has blamed pro-Ukraine saboteurs for the outages and it is possible this was conducted in retaliation for the outages in the Crimea. When 23 December 2015. Impact Disruption of electrical power to 225,000 customers. First assessed attack on critical national infrastructure. More information Background to the issue can be found at: US Dept of Homeland Security IR- ALERT-H-16-056-01 Cyber Attack Against Ukrainian Critical Infrastructure and http://www.bbc.co.uk/news/technology-35667989 © Shutterstock Ukrainian electrical plant Cyber Primer (2nd Edition) 81
Page 1 and 2:
Cyber Primer Second Edition Develop
Page 3 and 4:
Cyber Primer The Cyber Primer (2nd
Page 5 and 6:
Preface ‘The Government will ensu
Page 7 and 8:
Contents Preface . . . . . . . . .
Page 9 and 10:
“In the information age almost al
Page 11 and 12:
Fundamentals of cyber Chapter 1 - F
Page 13 and 14:
Fundamentals of cyber • are ready
Page 15 and 16:
Fundamentals of cyber cyber and cyb
Page 17 and 18:
Fundamentals of cyber • details o
Page 19 and 20:
Mainstreaming, competencies, unders
Page 21 and 22:
Fundamentals of cyber 1.27. Cyber b
Page 23 and 24:
1A.5. Armed attack. Armed attack is
Page 25 and 26:
Fundamentals of cyber Notes Cyber P
Page 27 and 28:
“In the “We information reserve
Page 29 and 30:
Cyber threats Chapter 2 - Cyber thr
Page 31 and 32:
Cyber threats 2.5. Cyber attacks ca
Page 33 and 34:
Cyber threats 2.9. Terrorists. Terr
Page 35 and 36:
Cyber threats b. Payload. Payload i
Page 37 and 38: Cyber threats The process of attrib
Page 39 and 40: Phishing Spear phishing Whaling Fak
Page 41 and 42: Cyber threats Malware types Viruses
Page 43 and 44: Cyber threats and/or securely. Such
Page 45 and 46: How Against whom Why Theft of perso
Page 47 and 48: Cyber threats Using Twitter to mani
Page 49 and 50: Cyber threats Cyber attacks against
Page 51 and 52: Cyber threats State use of cyber op
Page 53 and 54: Cyber threats Case study 6 - The im
Page 55 and 56: Cyber threats Impact of malware on
Page 57 and 58: Cyber threats Social engineering ag
Page 59 and 60: “In the information age almost al
Page 61 and 62: Chapter 3 - Cyber functions Cyber f
Page 63 and 64: Cyber functions levels, they protec
Page 65 and 66: Cyber functions • command and con
Page 67 and 68: Cyber functions 3.16. Indicators an
Page 69 and 70: Cyber functions Maritime Land Air a
Page 71 and 72: Cyber functions 3.27. Electromagnet
Page 73 and 74: “In the information “It is impo
Page 75 and 76: Integrating cyber operations Chapte
Page 77 and 78: Integrating cyber operations Cyber
Page 79 and 80: Integrating cyber operations archit
Page 81 and 82: Integrating cyber operations physic
Page 83 and 84: Integrating cyber operations NATO a
Page 85 and 86: Integrating cyber operations Cyber
Page 87: Integrating cyber operations Israel
Page 91 and 92: Lexicon Lexicon Part 1 - Acronyms a
Page 93 and 94: Part 2 - Additional terms and defin
Page 95 and 96: Lexicon information operations Info
Page 97 and 98: Lexicon TEMPEST TEMPEST refers to t
Page 99 and 100: Lexicon Cyber Security Information
show all

Cyber Primer

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?