Google’s Project Zero team this week published the results of an investigation into attacks that targeted Android and Windows devices in the early months of 2020. The team posted its results in a six-part blog post. The team said the attack was conducted by “a highly sophisticated actor.”
The Project Zero team described two exploit servers (one targeting Windows users, and a second targeting Android users) that used a strategy known as “watering-hole attacks.” In this kind of attack, a malicious actor either guesses at or observes which websites a user or organization uses regularly. It then infects one or more of these sites with malware.
Both exploit servers used known Chrome browser flaws to remotely activate malicious code on Windows and Android devices. In the attacks on Android users, Google found that attackers were able to deliver additional software payloads. These payloads collected device fingerprint information and location data among other things.
The two exploit servers capitalized on both zero-day and n-day vulnerabilities. A zero-day vulnerability is a weakness in software that the vendor has not yet identified, and for which no fix exists. It could be a minor bug or a massive security gap that malicious actors could easily exploit. A known-day or n-day vulnerability is one the vendor already knows about; it may or may not have been patched, and even when a patch exists, affected systems may not have applied it.
The Wider Danger of N-Day Vulnerabilities
Zero-day attacks generally get more attention because they highlight previously undiscovered weaknesses. But n-day attacks can pose an even greater risk, particularly for the energy sector and its reliance on industrial control systems (ICS).
ICS is a collective term for the systems, instrumentation, networks, and controls that operate or automate industrial processes. One of the most common is a distributed control system (DCS). A DCS uses a system of sensors, controllers, and associated computers throughout an industrial plant that communicate with a central computer to control aspects of the plant’s operation.
ICS poses an elevated risk from n-day exploits for a number of reasons. In the energy sector, the windows in which systems can be taken offline for updates are limited, because any disruption of service could affect critical infrastructure that businesses and consumers rely on daily. Unlike the IT sector, ICS operations are not standardized, so patches for discovered security flaws often have to be applied manually, system by system.
Perhaps the most significant reason ICS has an elevated risk is that industrial assets are costly and less frequently updated. Systems can often outlive the vendor support needed to keep current on security risks.
Protecting Critical Infrastructure
ICS vulnerabilities are not new. But several developments in 2020, including the COVID-19 pandemic, an uptick in attacks on healthcare systems, and attacks on the Israel Water Authority, show how vulnerable critical infrastructure can be to cyberattacks. A recent report by Claroty on ICS risk and vulnerabilities identified a number of concerning trends.
Energy, critical manufacturing, and water systems were the sectors most affected by hundreds of known ICS vulnerabilities, according to the report. A majority of these vulnerabilities could be exploited remotely. And the five most common were easily exploited and capable of compromising the availability and safety of industrial systems.
SecureData has been committed to providing the most comprehensive and effective data security solutions for more than a decade. Offline hardware-encrypted storage and backups, remote management, and solid endpoint security and antivirus protection are at the core of our total security approach.
This comprehensive approach is essential for any industry that regularly handles sensitive and heavily regulated data. Call us now at 1-800-520-1677 to learn more about how SecureData can keep you and your business protected.