In 2009 the Wall Street Journal published an article discussing how cyber spies had penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. The reality of cyber warfare is more apparent than ever, as we have witnessed countless news stories of foreign threats targeting and infiltrating energy companies as a method of spying, and of possible disruption attacks against US infrastructure.
Advanced Persistent Threats (APT, the term used for when foreign elements infiltrate systems for intelligence or cyber warfare purposes) are occurring more frequently as the adversary's need for information increases. Foreign governments are targeting energy systems more than ever for industrial espionage and, more alarmingly, for possible industrial sabotage. It is no coincidence that NERC CIP is a hot topic in the energy industry as APT activity continues to increase in the energy sector.
DNC has been involved in cyber counterintelligence for the past decade. We specialize in identifying anomalous behavior that may indicate malicious or counterintelligence-related activity, and our expertise and experience can determine whether cyber spies have infiltrated your organization. DNC provides many different cybersecurity services under our malware/cyber counterintelligence program; here are a few examples:
- Review the network security architecture and develop a comprehensive security architecture overhaul that includes enhanced security for LDAP, SCADA processes, routing and switching, desktop security, software development, security awareness training, database security configuration, and more.
- Perform reverse engineering of malicious code to discover vulnerabilities in binaries, attribute the author, and devise defensive mechanisms to prevent the spread of malware. This includes using a sandbox to isolate malware, unpacking malware, monitoring registry changes, and identifying malware communication channels (command and control, drop points, etc.).
- Provide trend analysis through data and network analytics that correlate information sources and network data such as event logs, IDS alerts, and network captures.
- Develop SOPs for incident handling, detection, and threat mitigation procedures.
- Support direct investigation of cyber activity targeting customer information and its information infrastructure. Provide support to the Security Operations Center in the advanced analysis, mitigation, and reporting of cyber threats affecting organizational networks.
- Assist the organizational training department in educating staff on cyber threat methodologies (e.g. spear phishing).
- Conduct data exfiltration/leakage assessments (Advanced Persistent Threat / APT) and malware analysis using various tools.
- Conduct analysis of captured user, computer, and network security events in a near-real-time environment to determine security vulnerabilities, policy violations, and malicious behavior.