By Brian Prince
In an interview with eWEEK, the Intrepidus Group reveals some of the
details behind a malware attack that exposed critical systems at an
energy company. Using a Microsoft zero-day vulnerability and a bit of
social engineering, hackers compromised a workstation and threatened
critical SCADA systems.
It began with an e-mail sent to an employee at an energy company, and
ended with a security breach that exposed critical systems to outside
It is an all too common scenario, and just one example of the types
of threats targeting not only critical infrastructure but organizations
generally. The attack referenced above happened at the site of an energy
company Intrepidus Group is keeping anonymous. In a discussion with
eWEEK, however, the security vendor outlined just how a malware attack
broke into a critical network.
The attack began to unravel April 3, 2007. That's when a fraudulent user
account - complete with administrative privileges - was detected by the
energy company. At that point, Intrepidus Group was called in to try to
uncover what exactly happened. Working backwards, the company traced
everything back to a phishing e-mail and a little bit of social
"What started off as a very strange attack where people couldn't
understand why these random administrative accounts were being added in
the internal network ended up being two and a half days later us
realizing the primary domain controller in the system - which is the
keys to the system really with all the passwords and user accounts - had
been compromised with this zero-day attack," said Intrepidus CEO Rohyt
Belani. "But the big thing that set off alarms... was that the attack
had originated not from the outside big bad world but... from another
machine inside their corporate network."