Chemical industry targeted by cyber spy attacks
- By William Jackson
- Nov 01, 2011
The global chemical industry was the latest target of a campaign of online attacks over the summer seeking intellectual property on the research, development and manufacturing of advanced materials, according to a recent report from Symantec Security Response.
“Attacks on the chemical industry are merely their latest attack wave” in a series of industrial espionage efforts that appear to be coming from China, the report states.
The campaign, which Symantec has dubbed Nitro, comes at a time when industry preparedness to deal with threats to critical infrastructure appears to be slipping, according to a study by Symantec.
Cyberattacks on infrastructure are the 'new normal'
After 13 years, critical infrastructure security still lacking
“It seems like they are less engaged, less concerned and perhaps a little less prepared,” said Dean Turner, director of Symantec’s Global Intelligence Network.
A survey of nearly 3,500 companies found that companies are paying less attention to their government-sponsored critical infrastructure protection programs than they did last year and feel that their networks are not as well prepared to withstand attacks.
The survey covered only industry’s involvement with government-sponsored protection programs, such as the Information Sharing and Analysis Centers in this country and the Homeland Security Department’s sector coordinating councils. Turner said the survey findings do not necessarily reflect industry’s security efforts outside of government programs.
“I don’t want to be too critical,” Turner said of the findings. “There are extenuating circumstances.”
Dealing with the day-to-day challenges of maintaining a budget and running a business during an economic downturn is a distraction from IT security concerns, he said. On the bright side, the situation in the United States seems to be a little better than the global average, both in awareness of executive management and preparedness of networks to withstand attacks. Turner ascribes this at least in part to the work done by the National Institute of Standards and Technology in bringing attention to the issue of critical infrastructure protection and making information available.
The Nitro campaign identified by Symantec began in late July and continued through mid-September. Of 101 IP addresses found to be infected, the largest share, 27, was in the United States, followed by Bangladesh with 20 and the United Kingdom with 14.
The attacks were initiated with spear phishing e-mails, often containing a meeting invitation or a security update. These downloaded a backdoor Trojan horse, which in turn downloaded the PoisonIvy remote access tool from a command and control server.
The attacks were traced to a system in the United States that was owned by a Chinese national, although the ultimate source of the campaign has not been determined.
Earlier campaigns apparently from the same source were directed against nongovernmental organizations in the spring and against the automotive industry in May.
The Nitro attacks represent only a small part of an ongoing campaign of industrial espionage being conducted online, Symantec researchers said.
“Numerous targeted attack campaigns are occurring every week,” they wrote. “However, relative to the total number of attacks, few are fully disclosed. These attacks are primarily targeting private industry in search of key intellectual property for competitive advantage, military institutions and governmental organizations often in search of documents related to current political events and human rights organizations.”
William Jackson is freelance writer and the author of the CyberEye blog.