- Dec 30, 2012
- 4,809
US nuclear regulator the Nuclear Regulatory Commission has been hit by at least three major cyber attacks over the past three years designed to steal user log-in credentials and infect machines, according to a new report.
An Inspector General report obtained by Nextgov and covering the period 2010 to November 2013 shows that likely foreign operatives, potentially state-sponsored, launched 17 compromise attempts.
One such apparently involved phishing emails sent to 215 employees urging them to verify log-in account details by clicking on a link.
The IG’s Cyber Crime Unit is said to have tracked the attacker down to an unnamed “foreign country”.
Although 12 employees fell for the scam, the NRC “cleaned their systems and changed their user profiles”, according to spokesman David McIntyre.
Another attack involved spearphishing emails containing a malicious link to a Microsoft Skydrive site loaded with malware.
That attack is said to have resulted in one compromise and was also traced back to a foreign nation.
Finally, the report details a case where attackers managed to infiltrate the email account of an NRC employee and sent malicious attachments in messages to the victim’s colleagues.
McIntyre played down the incidents.
“The NRC’s computer security office detects and thwarts the vast majority of such attempts, through a strong firewall and reporting by NRC employees," he told Nextgov.
"The few attempts documented in the OIG cyber crimes unit report as gaining some access to NRC networks were detected and appropriate measures were taken."
However, the incidents do highlight the continued risks facing organizations in critical national infrastructure industries.
The NRC apparently holds information on the location and inventories of nuclear plants around the US, as well as which facilities handle weapons-grade materials.
Charles Sweeney, CEO of Bloxx, argued that the case proves CNI firms must have a robust, holistic security policy.
“The examples cited yet again underline the importance of ensuring employees are cyber crime savvy and rather than blindly clicking on links, think ‘hang on a minute, this doesn’t look right’,” he told Infosecurity.
Further Reading
An Inspector General report obtained by Nextgov and covering the period 2010 to November 2013 shows that likely foreign operatives, potentially state-sponsored, launched 17 compromise attempts.
One such apparently involved phishing emails sent to 215 employees urging them to verify log-in account details by clicking on a link.
The IG’s Cyber Crime Unit is said to have tracked the attacker down to an unnamed “foreign country”.
Although 12 employees fell for the scam, the NRC “cleaned their systems and changed their user profiles”, according to spokesman David McIntyre.
Another attack involved spearphishing emails containing a malicious link to a Microsoft Skydrive site loaded with malware.
That attack is said to have resulted in one compromise and was also traced back to a foreign nation.
Finally, the report details a case where attackers managed to infiltrate the email account of an NRC employee and sent malicious attachments in messages to the victim’s colleagues.
McIntyre played down the incidents.
“The NRC’s computer security office detects and thwarts the vast majority of such attempts, through a strong firewall and reporting by NRC employees," he told Nextgov.
"The few attempts documented in the OIG cyber crimes unit report as gaining some access to NRC networks were detected and appropriate measures were taken."
However, the incidents do highlight the continued risks facing organizations in critical national infrastructure industries.
The NRC apparently holds information on the location and inventories of nuclear plants around the US, as well as which facilities handle weapons-grade materials.
Charles Sweeney, CEO of Bloxx, argued that the case proves CNI firms must have a robust, holistic security policy.
“The examples cited yet again underline the importance of ensuring employees are cyber crime savvy and rather than blindly clicking on links, think ‘hang on a minute, this doesn’t look right’,” he told Infosecurity.
Further Reading
