Posted on 21.03.2011 - 11:00 EDT in ONSHORE NEWS by Rons_ROV_Links
McAfee report indicates cyber-attacks on global energy, oil and petrochemical companies
Recently, computer security firm, McAfee reported that global oil, energy and petrochemical companies were targets of cyber-attacks over the last two years. The firm has made the disclosure in a report titled "Global Energy Cyberattacks: "Night Dragon". The covert attacks referred to by the security firm as "Night Dragon" were allegedly initiated from China.
The report also offers circumstantial evidence against an alleged attacker. The attackers created command and control servers in United States (U.S) and Netherlands to launch attacks on oil, energy and petrochemical companies located in Greece, Kazakhstan, Taiwan and U.S. The attackers also targeted company executives. The purpose of the attacks was to steal highly privileged data concerning proprietary operations and project financing information such as oil and gas field bids.
Over the last few years, government, military, industrial facilities and scientific institutions have faced repeated intrusions. The latest disclosure highlights that corporate bodies are also vulnerable to cyber-attacks. Last year, Google reported intrusion attempts by alleged Chinese hackers. The motive behind such attacks may be to indulge in corporate espionage, compromise information security or even to create panic.
McAfee report indicates that offenders used a combination of several attack methods such as SQL injection, social engineering and spear phishing to compromise the security apparatus of the targeted company. The attackers launched SQL injections to breach perimeter security controls. Spear phishing was used to target company executives. The e-mails sent to the company officials included a link to a malicious website. When unwary employees visited the malicious website, a Remote Administration Tool (RAT) malware was downloaded in their computer systems. The malware is designed to compromise other systems and extract sensitive information. The extracted information is then sent to one of the command and control servers.
Usually, ethical hacking is used to identify the vulnerabilities in the security infrastructure. In this case, five of the affected companies hired professionals of the security firm to mitigate the vulnerabilities.
The attackers also explored the networks of the targeted companies to gather relevant information. The attack tools such as WebShell and ASPXSpy were used to evade firewalls and other security perimeters and gain unauthorized control. The attackers also compromised administrative user accounts. They also deployed attack tools, allegedly available in Chinese underground websites to create backdoors and install Trojans to breach security policies of the targeted networks.
Information security professionals at McAfee have offered several prevention tools and solutions to prevent "Night Dragon" and similar attacks. Proactive coordination between computer security firms, product vendors, software developers and other stakeholders may help in improving IT security environment and reduce security breaches.