The latest Nozomi Networks Threat Intelligence package provides Industroyer2 Indicator of Compromise (IoC) rules that detect and alert customers to any known activity linked to the malware. There have been reports of hardcoded IP addresses in the malware sample, which indicates that the threat actors had intimate knowledge of the environment in which they were deploying it. Nozomi Networks will provide additional information and coverage once the relevant samples have been analyzed in depth.
Sandworm’s attack on Ukraine’s power grid using Industroyer2 is a reminder for ICS owners and operators to stay vigilant.
Stay Protected and Resilient
Here are some ways companies can increase their protection right now:
- Basic cyber hygiene: reset passwords, check employee and vendor account/network access and permissions, scan the network for any open ports and close/secure them, etc.
- Utilize YARA rules to search for and generate alerts on associated malware activity
- Use anomaly detection tools to detect any changes to or variants of the malware, as well as any irregular activity occurring in OT environments
- Use an automated firewall in conjunction with an anomaly detection tool to stop further attack commands
- Threat hunt for suspicious activity in your network; this can potentially help to discover attackers early on
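The hardcoded IP addresses reported in the sample are something a defender can check for directly during triage and feed into the threat hunt suggested above. The following is an added example, not code from Nozomi Networks or the original post: it pulls dotted-quad strings (ASCII and UTF-16LE) out of a constructed sample blob, discards look-alikes that are not valid addresses, and flags any address that falls inside the defender's own OT subnets; the blob, the addresses and the subnet are all constructed placeholders.

```python
import ipaddress
import re

# Constructed sample blob standing in for a malware sample: an ASCII IPv4
# string, a UTF-16LE IPv4 string (common in Windows binaries), a dotted
# version number that is not an address, and an out-of-range dotted quad.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"connect:10.82.40.105:2404\x00"
    + b"\x00" * 3
    + "192.168.7.20".encode("utf-16-le") + b"\x00\x00"
    + b"version 1.2.3.4567\x00"
    + b"300.1.1.1\x00"
)

# Dotted-quad candidates in ASCII; octet ranges are validated afterwards.
_ASCII_IPV4 = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Same shape encoded as UTF-16LE: every character is followed by a NUL byte.
_WIDE_IPV4 = re.compile(
    rb"(?<![\d.]\x00)((?:\d\x00){1,3}(?:\.\x00(?:\d\x00){1,3}){3})(?!\d\x00|\.\x00)"
)


def extract_hardcoded_ipv4(blob: bytes) -> list[str]:
    """Return the distinct, syntactically valid IPv4 addresses embedded in blob."""
    found = set()
    for m in _ASCII_IPV4.finditer(blob):
        found.add(m.group(1).decode("ascii"))
    for m in _WIDE_IPV4.finditer(blob):
        found.add(m.group(1).decode("utf-16-le"))
    valid = []
    for candidate in found:
        try:
            valid.append(str(ipaddress.IPv4Address(candidate)))
        except ipaddress.AddressValueError:
            pass  # e.g. 300.1.1.1 looks like a dotted quad but is not an address
    return sorted(valid, key=ipaddress.IPv4Address)


def match_against_inventory(ips: list[str], ot_subnets: list[str]) -> dict[str, bool]:
    """Flag which extracted addresses fall inside the defender's own OT subnets.

    A hit means the sample names a host on your network: a high-priority hunt lead.
    """
    nets = [ipaddress.ip_network(s) for s in ot_subnets]
    return {ip: any(ipaddress.ip_address(ip) in n for n in nets) for ip in ips}


if __name__ == "__main__":
    ips = extract_hardcoded_ipv4(SAMPLE_BLOB)
    # Constructed inventory: pretend the substation LAN is 10.82.40.0/24.
    for ip, hit in match_against_inventory(ips, ["10.82.40.0/24"]).items():
        print(f"{ip}: {'IN OT INVENTORY' if hit else 'not in inventory'}")
```

Run it against real samples only in an isolated analysis environment, and compare the hits with your asset inventory rather than with any public IoC list alone.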
We also recommend adhering to CISA’s 2017 advisory if those security measures have not been implemented already.
Nozomi Networks will continue to monitor the situation and provide updates on what we are seeing, as well as recommendations the OT industry can use to protect their networks.
Security Research Evangelist
Roya Gordon provides insights and solutions for OT and IoT security. Prior to Nozomi Networks, Roya worked as the Cyber Threat Intelligence subject matter expert (SME) for OT and Critical Infrastructure clients at Accenture, as a Control Systems Cybersecurity Analyst at Idaho National Laboratory (INL), and as an Intelligence Specialist in the United States Navy. She holds a Master's in Global Affairs with a focus on cyberwarfare from Florida International University (FIU).