Jonathan talks about the Pipedream attack and the implications of hacking industrial control networks. Can VPNs increase vulnerabilities, and how vulnerable are industrial control networks generally? Christian and Jonathan discuss.

Christian Whiton (00:09): Welcome to Cyber Context, the podcast featuring Jonathan Moore, the Chief Technology Officer of SpiderOak. Jonathan, the Ukraine war is going on and revealing more and more about our cyber capabilities and cyber defenses, and about Russian and other bad actors and their cyber capabilities against us. It seems in the past week the US government has become concerned. It appears to have gotten the upper hand on this one incident, but something called Pipedream, which I gather was a compromise that was directed at LNG, so natural gas facilities here in the United States.

Christian Whiton (00:48): So not 100% sure it came from Russia, whether it was the Russian government or other actors, but probably, knowing what's going on in the world, and with the target being gas, that's kind of interesting. Of course, that's the one thing Europe seems still to have to buy from Russia if they want to keep the lights on. The price has gone up. Maybe Russia wants it to go higher. Still, maybe Russia doesn't like the idea of Europeans buying our natural gas instead of getting it from there or getting it from Qatar. What does this tell us? This is sort of an interesting and different attack targeting critical energy infrastructure?

Jonathan Moore (01:26): Yeah. Well, I think if I recall correctly, this has been attributed to Sandworm, which is the same threat actor that attacked the Ukraine power system in the past, shutting power off to Kyiv in two different events. And I mean, Pipedream is a toolkit piece of malware. So it's a piece of software, or a collection of software and tools, used to cause temporary or permanent loss of capability in these industrial control systems.

So, I think it's interesting, and there's several interesting things about it. So one, I want to think that it's, I think we have a good belief that this is a real incident and not just sort of propaganda and trying to show yet again we've got the better of Russia, either through intelligence or having better capabilities. It's actually been commented on.

Jonathan Moore (02:28): And apparently the original research and reverse engineering was done by Dragos, who is really the premier security company in these industrial control systems in the US. So, it is really interesting. And it does show, if this was something that Russia meant to use, that they were trying to escalate and bring some of the conflict directly back to us domestically, which I think would be an interesting shift if we saw it stop. We've heard the government warning us for months now that, "Hey, Russia's coming," and we haven't seen them yet. So if it is an attack that we thwarted, that they meant to follow through on, that is really interesting. And I wonder what else we are defending against successfully. I think I'm super interested too whether this was a detection that we caught early and stopped them by hard work and luck, or whether this was tipped off by espionage, since apparently we've got some great espionage capabilities in Russia, as we've repeatedly called out what their plans for the next week were, to their frustration. So, it is a very interesting event.

Christian Whiton (03:47): Yeah. I'd like to talk more about the vulnerability of these industrial control networks, but maybe before we get there, another recent attack on US energy-related infrastructure, of course, was Colonial Pipeline. It sounds like this potentially was much more sophisticated, because it wasn't Colonial Pipeline. I mean, didn't that come down to a password that one of their senior officers said was really complicated, but nonetheless was discovered, and it was an attack on a billing system. Am I right? Is what we're talking about here more sophisticated than that one?

Jonathan Moore (04:19): Well, I think I'm not sure... Sophisticated may or may not be the right language to use, but I think that the right way to think about it is what the goal of the adversary was. So yes, Colonial Pipeline shut down because they couldn't do billing and they didn't want to give away energy for free. But the goal of those adversaries was to shake down Colonial Pipeline, to get money in return, whereas the apparent goal of these adversaries was to shut down capability as a form of attack, as a tool of politics and military, not as a way to make more money. So it was not a financially motivated attack; it was a politically motivated attack. So that, I think, is really the big difference to see in terms of framework. I mean, without having these various things in hand, and we do not, I do not have this in hand, and if there is a report that's available, I haven't read it myself.

Jonathan Moore (05:19): I can't really speak to the actual level of complexity, but if it was targeted industrial control ...