Hackers have learned that to aim for the big guys, they need to compromise the little guys.
Supply chain attacks may not be new, but they are evolving, thanks to smarter malware and more insidious tactics. Today’s reality is that supply chain cyberattacks of mounting magnitude are taking down small businesses, large enterprises, and even utilities as massive and critical as the US power grid.
According to a recent Wall Street Journal report, Russia launched a sophisticated attack in 2017, carried out in very measured steps, on the US electric grid. Had cybersecurity experts not noticed, it might have succeeded, because the bad actors were not targeting the utility overtly; they were instead compromising the chain that leads there, so to speak.
The United States’ main electrical systems are protected by top-level, high-end security, so these Russian hackers exercised patience, playing the long game by going all the way down the supply chain to the small businesses — many of them subcontractors — supporting the US power grid.
Those SMBs were victims of various phishing attempts. One tactic was sending employees emails with malware-laced attachments in the hope that one would be opened. Another was planting malicious ads in online publications frequented by utility engineers, hoping an employee of one of the targeted companies would unwittingly click on one.
The attacks were successful. The hackers infiltrated several of the companies’ networks and systems. The hackers could then pretend to be employees of these companies, and move to the next level of their plan. As the hackers worked their way up the supply chain, they gathered more phony credentials while also deepening their foothold in the SMBs’ systems.
By the time the FBI and Homeland Security took notice, the hackers had already accessed an unknown number of companies’ servers. In some they would lie dormant, while in others they’d be active, using the resources of one company to attack another. An example of this is when the hackers infiltrated Oregon construction company All-Ways Excavating USA, a company whose main asset for the hackers was its contact list. Once they got in, the hackers sent emails to All-Ways contacts, pretending to be the All-Ways CEO and guiding clients and colleagues to a malicious URL.
In March 2018, the FBI made a public announcement, exposing the Russian hackers. Since then, even though suppliers all down the chain were closely investigated, experts believe the hackers are still present in certain companies, lying in wait until their next move.
The lesson here is that cybercrime never sleeps. Whatever the size of your company, know the web of connections around you, from your suppliers to your suppliers’ suppliers. Look at their security protocols so you can identify any weak links.
Be constantly vigilant. Put advanced cybersecurity protection in place with strong endpoint protection and network security to block all gateways, and minimize human error by educating users and third-party partners – anyone working within your network – on best security practices.
Our Avast Business solutions offer a range of endpoint and network protection options for any type of business. Check out our Avast Business solutions today.