Focus on DroxiDat/SystemBC

Recently we pushed a report to our customers about an interesting and common component of the cybercrime malware set – SystemBC. And, in much the same vein as the 2021 Darkside Colonial Pipeline incident, we found a new SystemBC variant deployed to a critical infrastructure target. This time, the proxy-capable backdoor was deployed alongside Cobalt Strike beacons in a South African nation’s critical infrastructure.

Kim Zetter closely reviewed the preceding Colonial Pipeline incident in her BlackHat 2022 keynote “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed”, calling it a “watershed moment”. We are now seeing targeting and tactical similarities elsewhere in the world.

A lot of abstract content and interesting trend analysis has been published about industrial ransomware attacks (“The second quarter of 2023 proved to be an exceptionally active period for ransomware groups, posing significant threats to industrial organizations and infrastructure”), but very little technical detail about particular electric utility ransomware incidents has been publicly reported. We know that surveyed utilities, on a global basis, are reporting more and more targeted activity and higher risk: “56% [of respondents] report at least one attack involving a loss of private information or an outage in the OT environment in the past 12 months”. While not all of the activity is attributed to ransomware actors, perhaps the relevant ransomware attackers are avoiding retaliation by stron ..