US Homeland Security Warns on Critical Vertical Attacks
The National Cybersecurity and Communications Integration Center (NCCIC) at the US Department of Homeland Security has issued a warning on an emerging sophisticated campaign targeting critical verticals, including public health, critical manufacturing and IT.
The campaign has been active since at least May 2016, NCCIC said, using multiple malware implants. The threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates—and could instigate a medium-priority incident affecting public health or safety, national security, economic security, foreign relations, civil liberties or public confidence.
“Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments,” the organization noted, in a bulletin, which also includes NCCIC mitigations and recommendations. “Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.”
The bad actors generally use malware implants to acquire legitimate credentials, and then leverage those credentials to pivot throughout the local environment. A secondary technique involves using backdoors left behind on key relay and staging machines.
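Because the pivoting described above is done with valid administrative credentials, each individual logon looks legitimate to per-event monitoring; what stands out is the breadth of hosts one account reaches in a short time. The following is an added example, not code from NCCIC or the article, that flags that fan-out over constructed logon records (account, host and timestamp values are hypothetical).

```python
"""Flag admin/service accounts whose network logons reach an unusual
number of distinct hosts inside a sliding time window. Added example;
not from the NCCIC bulletin. Input records are constructed samples."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records (hypothetical, not real telemetry):
# (timestamp, account, source host, destination host, logon type)
SAMPLE_LOGONS = [
    ("2016-05-03T09:00:00", "CORP\\svc_backup", "WS01", "FS01", 3),
    ("2016-05-03T09:01:10", "CORP\\svc_backup", "WS01", "FS02", 3),
    ("2016-05-03T09:01:40", "CORP\\svc_backup", "WS01", "DC01", 3),
    ("2016-05-03T09:02:05", "CORP\\svc_backup", "WS01", "SQL01", 3),
    ("2016-05-03T09:02:30", "CORP\\svc_backup", "WS01", "WEB01", 3),
    ("2016-05-03T09:15:00", "CORP\\jdoe", "WS07", "FS01", 3),
    ("2016-05-03T11:00:00", "CORP\\svc_backup", "WS01", "FS01", 3),
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def detect_fanout(logons, window=timedelta(minutes=10), max_hosts=3):
    """Return {account: hosts} for every account that authenticated to
    more than `max_hosts` distinct destinations within any `window`.
    Only network (3) and remote-interactive (10) logon types count, since
    credential pivoting shows up there rather than in console logons."""
    per_account = defaultdict(list)
    for ts, account, _src, dst, ltype in logons:
        if ltype in (3, 10):
            per_account[account].append((parse(ts), dst))
    flagged = {}
    for account, events in per_account.items():
        events.sort()
        # Slide the window forward from each event and collect the
        # distinct destination hosts reached before it closes.
        for i, (start, _dst) in enumerate(events):
            hosts = {dst for t, dst in events[i:] if t - start <= window}
            if len(hosts) > max_hosts:
                flagged[account] = hosts
                break
    return flagged


if __name__ == "__main__":
    for account, hosts in detect_fanout(SAMPLE_LOGONS).items():
        print(f"fan-out: {account} -> {sorted(hosts)}")
```

Tune `window` and `max_hosts` against the baseline of each account; backup and management accounts legitimately touch many hosts, so they need an allow-list or a higher threshold rather than the default.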