McAfee Report Indicates Cyber-Attacks on Global Energy, Oil and Petrochemical Companies

Feb. 10, 2011 - PRLog -- Computer security firm McAfee recently reported that global oil, energy and petrochemical companies were targets of cyber-attacks over the last two years. The firm made the disclosure in a report titled "Global Energy Cyberattacks: 'Night Dragon'". The covert attacks, referred to by the security firm as "Night Dragon", were allegedly initiated from China. The report also offers circumstantial evidence against an alleged attacker. The attackers created command and control servers in the United States (U.S.) and the Netherlands to launch attacks on oil, energy and petrochemical companies located in Greece, Kazakhstan, Taiwan and the U.S. The attackers also targeted company executives. The purpose of the attacks was to steal highly privileged data concerning proprietary operations and project financing information, such as oil and gas field bids.

Over the last few years, government, military, industrial and scientific institutions have faced repeated intrusions. The latest disclosure highlights that corporate bodies are also vulnerable to cyber-attacks. Last year, Google reported intrusion attempts by alleged Chinese hackers. The motive behind such attacks may be to conduct corporate espionage, compromise information security or even create panic.

The McAfee report indicates that the offenders used a combination of attack methods, such as SQL injection, social engineering and spear phishing, to compromise the security apparatus of the targeted companies. The attackers launched SQL injections to breach perimeter security controls. Spear phishing was used to target company executives. The e-mails sent to company officials included a link to a malicious website. When unwary employees visited the malicious website, Remote Administration Tool (RAT) malware was downloaded onto their computer systems. The malware is designed to compromise other systems and extract sensitive information. The extracted information is then sent to one of the command and control servers.

Usually, ethical hacking is used to identify the vulnerabilities in the security infrastructure. In this case, five of the affected companies hired professionals of the security firm to mitigate the vulnerabilities.

The attackers also explored the networks of the targeted companies to gather relevant information. Attack tools such as WebShell and ASPXSpy were used to evade firewalls and other security perimeters and gain unauthorized control. The attackers also compromised administrative user accounts and deployed attack tools, allegedly available on Chinese underground websites, to create backdoors and install Trojans in breach of the security policies of the targeted networks.

Information security professionals at McAfee have offered several tools and solutions to prevent "Night Dragon" and similar attacks. Proactive coordination between computer security firms, product vendors, software developers and other stakeholders may help improve the IT security environment and reduce security breaches.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences.

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).