Co-ordinated cyber attacks over the past four years against oil and gas companies threatened the financial systems and critical infrastructure they relied on to cast bids, an anti-virus vendor claimed.
McAfee believed the Night Dragon attacks, as it called them, originated in China. According to the vendor, the attackers used SQL injection against extranet web servers, targeted sensitive documents on workers' PCs including confidential emails and bid materials, disabled security protocols, and hijacked machines and login credentials.
McAfee said the attacks, which dated to at least November 2009 and possibly two years earlier, were ongoing.
Although he said the techniques were "unsophisticated", in revealing the alleged breaches McAfee chief technology officer George Kurtz acknowledged the depth and breadth of the intrusions. The attackers, who Kurtz believed were from China, deployed social engineering, spear-phishing (targeting individuals for information), Windows exploits, Active Directory compromises and remote administration tools.
He said it showed how cyber crime had evolved from a hobbyist pursuit to a professional activity.
“While the list may seem impressive, these methods and tools are relatively unsophisticated,” Kurtz said.
“The tools simply appear to be standard host-administration techniques that utilise administrative credentials. This is largely why they are able to evade detection by standard security software and network policies.
“These techniques are very common across many of the intrusions we examine. Intrusion techniques that we wrote about since 1999 in the original Hacking Exposed text still work very well a decade later.”
He said that information security vendors were able to provide a prophylactic against the attacks.
McAfee recommended that companies review its ePolicy Orchestrator software and anti-virus logs for Night Dragon signature detections, and their intrusion-detection systems for ‘BACKDOOR: NightDragon Communication Detected’ alerts.
Kurtz said there was strong evidence the attackers were in China because the tools, techniques and network activities traced back there.
“These tools are widely available on the Chinese web forums and tend to be used extensively by Chinese hacker groups. McAfee has determined identifying features to assist companies with detection and investigation,” Kurtz said.
“Well coordinated, targeted attacks such as Night Dragon, orchestrated by a growing group of malicious attackers committed to their targets, are rapidly on the rise. These targets have now moved beyond the defence industrial base, government and military computers to include global corporate and commercial targets.
“More and more, these attacks focus not on using and abusing machines within the organisations being compromised, but rather on the theft of specific data and intellectual property. Focused and efficient define the very essence of today's attackers.”