A combination of physical destruction, sabotage and cyberattacks can harm or destroy entities involved in hydrogen production, distribution, storage and use. Adversaries plan, prepare and test all three options.
State-sponsored hacker groups carry out operations that look like cybercrime or hacktivism, but are hidden cyberespionage or business intelligence attempts.
Cyber intrusions into hydrogen-related facilities, often starting with simple phishing attacks, gather intelligence and steal credentials. Cyberattacks organized by state-sponsored adversaries can cause catastrophic, widespread, and lengthy consequences, and affect business, trade, products, services, government entities, hospitals, banks, the retail market, and families.
Modules of the tailor-made training
- Important developments in hydrogen production, distribution, storage, and use.
- Countries having the capability to launch cyberattacks that could disrupt the hydrogen entities.
The modus operandi
CISA Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.
- Indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by cyber actors on compromised victim networks.
- The multi-stage intrusion campaign, as it was characterized by the DHS and the FBI, by state-sponsored cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.
- How could all these attacks succeed?
Understanding the tactics, techniques, and procedures (TTPs).
- spear-phishing emails (from compromised legitimate account),
- watering-hole domains,
- credential gathering,
- open-source and network reconnaissance,
- host-based exploitation, and
- targeting industrial control system (ICS) infrastructure.
Who is the “attacker”?
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Hacktivists and the Electricity Subsector.
- Professional criminals and information warriors.
How do the adversaries plan and execute the attack?
- Step 1 – Collecting information about persons and systems.
- Step 2 – Identifying possible targets and victims.
- Step 3 – Evaluation, recruitment, and testing.
- Step 4 – Privilege escalation.
- Step 5 – Identifying important clients and VIPs.
- Step 6 – Critical infrastructure.
Employees and their weaknesses and vulnerabilities.
- Employee collusion with external parties.
- Blackmailing employees: The art and the science.
- Romance fraudsters and webcam blackmail: What is the risk for the Electricity Subsector?
- Trojan Horses and free programs, games, and utilities.
- Reverse Social Engineering.
- Common social engineering techniques
- 1. Pretexting.
- 2. Baiting.
- 3. Something for something.
- 4. Tailgating.
- Clone phishing.
- Whaling – phishing for executives.
- Smishing and Vishing Attacks.
- The online analogue of personal hygiene.
- Personal devices.
- Untrusted storage devices.
Closing remarks and questions.
The program is beneficial to all persons working for entities involved in hydrogen production, distribution, storage, use, research and development. It has been designed for all persons having authorized access to systems and data.
One hour to half a day, depending on the needs, the content of the program and the case studies.
Delivery format of the training program
a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.
Our instructors are working professionals who have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.
George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials: https://www.cyber-risk-gmbh.com/George_Lekatis_Testimonials.pdf
Terms and conditions.
You may visit: https://www.cyber-risk-gmbh.com/Terms.html
Cyber Risk GmbH
Tel: +41 79 505 89 60
We process and store data in compliance with both the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.