When hackers wanted to break into an energy company’s network, they targeted computers at the company’s outside law firm in London using a so-called watering hole—a website that lures employees in order to deliver malware to their computers.
In today’s hack-happy atmosphere, the story serves as a cautionary tale for law firms and their client companies everywhere.
Infosecurity magazine, a U.K.-based global online publication for information tech and security professionals, said the hacking in late February was part of a broader ongoing attack, dubbed “LightsOut,” on energy companies. LightsOut hackers seek to install remote-access tools and intelligence-gathering malware that could potentially be used to knock out an energy grid, it said.
The article didn’t name the energy company targeted, but said the law firm was Thirty Nine Essex Street, which has an energy law practice. Alastair Davidson, a spokesman at the law firm, confirmed to CorpCounsel.com on Thursday that the attack occurred.
“It was a fairly sophisticated attempt involving redirection,” Davidson said. That means a firm employee clicks on a link that allows malware to be downloaded onto the employee’s computer in order to redirect it into a client company’s computer system.
It worked, briefly.
“A website was compromised for less than 24 hours,” Davidson said. He added that the attack was thwarted and certain precautions have been taken, but declined to elaborate.
Researcher Chris Mannon said on a blog called Zscaler that an attacker runs diagnostic checks on its victim’s computer to make sure it can be exploited. The diagnostics show up in an administrator’s log and can be used to identify an attack on a system, he explained.
After the diagnostics check out, Mannon said the attacker delivers a malicious payload “from the LightsOut exploit kit.”
Another blog cited by Mannon offered details about which companies the hackers wish to exploit. This blog credited a threat researcher at Cisco Systems Inc. for listing the targets as:
An oil and gas exploration firm with operations in Africa, Morocco and Brazil.
A company that owns multiple hydroelectric plants throughout the Czech Republic and Bulgaria.
A natural-gas power station in the U.K.
A gas distributor located in France.
An industrial supplier to the energy, nuclear and aerospace industries.
Various investment and capital firms that specialize in the energy sector.
News reports over the past year have alleged links to Russia, China and Iran in attempts to hack into energy systems around the world.
As for this particular law firm attack, Mannon warned, “The victim site is no longer compromised, but viewers should show restraint and better browsing practices when visiting.”