LookingGlass Cyber Solutions, a company providing actionable threat intelligence, has released two new reports identifying and summarising vulnerabilities, exposures, and botnet infections currently seen across the financial services and energy sectors. These sector-level reports also identify which items have the most pressing ties to Russian nation-state or affiliated threat actors.
Leveraging LookingGlass’ external attack surface monitoring solutions, the reports feature the following across both critical infrastructure sectors:
- A US heatmap of the sector’s cybersecurity vulnerabilities and exposures.
- Most prevalent verified vulnerabilities.
- Significant exposures that violate cyber best practices.
- Most prevalent bot infections.
The reports move beyond assumptions about the cybersecurity posture of US critical infrastructure and highlight key cyber risks that need to be addressed.
The Financial Services report shows a significant number of infections across the sector.
While Minerpanel, a botnet associated with cryptomining, is most pervasive across financial services at 27 per cent, the depth of Sality – a botnet associated with the Russian actor group SALTY SPIDER that is currently infecting 13 per cent of the sector – is highly concerning.
“Sality has been tracked to a cyber-criminal group believed to be operating out of Russia, and we can’t overstate how dangerous it is,” said David Marcus, senior director of cyber intelligence at LookingGlass. “Malware like this allows threat actors to prey on an organisation’s network beyond simply using their resources, including exfiltrating data and executing remote code. Sality can wreak the sort of havoc that’s detrimental to your business and others unless remediated.”
The energy sector also has widespread Minerpanel and Sality infections, at 12.55 per cent at 11.87 per cent, respectively. However, the most prevalent bot infection is Pony (Ponyloader), seen in 20.65 per cent of energy institutions. Pony has been highly successful at stealing usernames and passwords as well as loading additional malware onto infected machines. In 2014, Pony was attributed to stealing more than 700,000 credentials, including more than 800 Remote Desktop credentials.
“As geopolitical tensions mount and nation-state threat actors continue weaponising their cyber capabilities, US critical infrastructure must take proactive measures to identify and address their vulnerabilities and exposures,” says LookingGlass CEO Gilman Louie. “There’s never been a more pressing time for these organisations to improve their cybersecurity posture. Based on our findings, I would urge critical infrastructure organisations to immediately update and patch their systems to fix these issues.”