Security Central: U.S. Energy Grid Powers Up, Avast Secures SMBs and MSPs

This week’s Security Central takes a peek inside the recent power company hacks, explores Avast’s new security solution, and takes a look at the second wave of Locky ransomware.

Over the course of the past nine months, there has been an attack on power. An organized hacking group has wreaked havoc on dozens of U.S. power companies, compromising them to the extent that some of them could have been shut down - production, distribution, everything (according to Symantec, the cybersecurity company that discovered the attack).

Vikram Thakur, principal research manager at Symantec, said that in few cases, this involved access to sensitive company operation details, engineering plans and equipment, in some cases even down to the level of controlling valves, pipes or conveyer belts.

The level of access could have led to “pretty strong impacts,” said Thakur. “It could have taken out the business for a period of a day or two or maybe a month,” he said.

The core focus seems to have been companies that focus on power generation, transmission and distribution, Symantec said (as reported by USA Today).

Joel Brenner, a senior research fellow at the Massachusetts Institute of Technology, thinks that these attacks shouldn't really be that shocking to anyone who’s worked in intelligence. According to Brenner, who has nothing but the sunniest of outlooks, states that the goal of the attacks has been "to make clear to the United States that its systems are vulnerable and thus make the president think twice before engaging in any kind of military action, with the looming threat of darkened cities a possibility."

There are a few examples of this already happening, that is, power companies being attacked. One such example is the 2015 and 2016 hacks that hit Ukraine’s power grid, causing blackouts that affected over 200,000 people. The Ukrainian government has blamed Russian-supported hackers for the attacks. At this stage, and at least at this stage, Symantec believes it might have been a "proof of concept" attack, more or less a taunt. Sort of an "I can, and I could, but I won't" type thing. A thumbing of the nose showing to prove to whatever entity was sponsoring the attackers that they had the capability.

“This confirms, again, that advanced adversaries are targeting and gaining access to the world's critical infrastructure” said Galina Antova, co-founder of Claroty, a company that provides security for industrial control networks. “This gives bad actors the ability to harm our systems and possibly people when they choose — as a political statement, during the next conflict, before our during a war,” she said.

This could potentially be part of a new wave of "proof we can hack you" attacks, where systems are infiltrated but not harmed. The potential is always there, though, which is what experts and providers must be aware of.

Our second story takes a look at Avast's recent launch of Avast Business. The new security solution combines technology from AVG and Avast, and is aimed at smaller businesses and managed service providers.

The solution provides one portfolio designed to meet today's SMB security needs and provide strong security protection and greater efficiencies for channel partners. The portfolio includes three new endpoint protection solutions customized for SMB security needs across device, data and identity protection. Avast also integrated this new endpoint protection (device, data and identity protection) into their managed service solutions Managed Workplace and CloudCare.

"Since last year, our focus has been on combining the best of both business product portfolios, partner programs, tools, and systems to eliminate the complexity around protecting businesses, while delivering the most powerful security engine on the market," says Kevin Chapman, senior vice president and general manager of Avast's SMB business (as reported by BetaNews).

Avast Business Endpoint Protection Solutions for SMBs delivers three tiers of protection.

  1. At the basic level is Avast Business Antivirus, a fully-featured antivirus solution to protect against malware, viruses, and other threats.
  2. One step up is Avast Business Antivirus Pro, which adds data protection capabilities, such as secure servers, permanent file deletion, and third-party software updating.
  3. Finally Avast Business Antivirus Pro Plus, delivers antivirus, data protection, and identity protection capabilities, including secure connections and password management.

The other solution is Avast Business Managed Services Solutions for Service Providers. This solution is aimed at channel partners, and allows them to deliver remote security services and network management to their customers. CloudCare is a managed endpoint protection solution that makes it faster and less complicated for service providers to effectively monitor threats, resolve any issues that crop up and deliver multiple layers of protection to their customers. There's also Managed Workplace which entails a full-stack, remote monitoring and management platform equipped with its own native security engine. This means that MSPs can quickly assess, secure, and monitor their SMB customers.

See the full press release for further details. Our final story of the week examines a second wave of new but related IKARUSdilapidated Locky ransomware attacks that has occurred. These attacks are related to the ones discovered by the Comodo Threat Intelligence lab in August (which other researchers referred to as Diablo6). This particular campaign also uses a botnet of zombie computers that carry out phishing attacks which specialize in sending malicious emails appearing to be from your organization’s scanner/printer or other legitimate-seeming sources. The result? The campaign encrypts the victims’ computers and demands a bitcoin ransom. Fun huh?

This second wave of phishing carrying IKARUSdilapidated is actually two different campaigns launched three days apart.

  • The first (featuring the subject “Scanned image from MX-2600N”) was discovered by the Lab to have commenced over 17 hours on Aug. 18
  • The second (a French language email purportedly from the French post office featuring a subject including “FACTURE”) was executed over a 15 hour period on Aug. 21

“In contrast to the initial (Aug. 9) 2017 IKARUSdilapidated Locky campaign, which distributed malware with the ‘.diablo’ extension and a script that is a Visual Basic Script, both new attacks have interesting variations to fool users with social engineering and to fool security administrators and their machine learning algorithms and signature-based tools,” researchers said in a technical analysis of the attack (as reported by ThreatPost).

Fatih Orhan, director of technology at Comodo, has a strong message and warning to experts and partners. “This shows that the malware authors are evolving and changing methods to reach more users and bypass security methods,” Orhan said.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.