Preventing State-Sponsored Attack on Critical National Infrastructure
An employee of an organisation that provides Critical National Infrastructure reused the same password across multiple services.
Client Background
A UK-based critical national infrastructure company operating extensive SCADA systems utilised Cyber Overwatch to protect its vital operations and sensitive control systems from cyber threats.
Challenge
An employee reused credentials across multiple third-party platforms, inadvertently providing a potential attack vector for cyber threat actors. These credentials were compromised externally and subsequently leveraged by a state-sponsored actor in an attempted breach targeting the company's SCADA infrastructure.
Cyber Overwatch’s Response
Cyber Overwatch swiftly identified the user's credentials being used to pass phases of sign-on, along with unusual access attempts to SCADA systems, through real-time monitoring and behavioural analytics. The immediate detection flagged the compromised credentials being used from atypical geographical locations and unusual network pathways, strongly indicative of state-sponsored cyber activity.
Our threat-hunting team quickly correlated these attempts with intelligence data, confirming the severity and source of the threat.
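The detection described above rests on a per-user baseline: where a user normally signs on from, and which networks they normally come through. The following Python script is an added example, not Cyber Overwatch's own code or the client's logs; it replays constructed sign-on records, builds each user's baseline of countries and source networks, and flags sign-ons that break that baseline, raising the severity when the target is a control-system service. The log field layout, the trusted address range 10.20.0.0/16, the service names and the placeholder country code "ZZ" are all assumptions made for the example.

```python
"""Added example: flag sign-ons from atypical countries or networks per user.

Not code from Cyber Overwatch or the client. Log format, field names,
trusted networks and service names are assumptions for illustration.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log, one sign-on per line:
# timestamp,user,source_ip,country,service,result
# "ZZ" is a placeholder country code, 203.0.113.0/24 is documentation space.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z,jsmith,10.20.4.15,GB,vpn,success
2024-03-01T08:05:40Z,jsmith,10.20.4.15,GB,scada-hmi,success
2024-03-02T08:10:03Z,jsmith,10.20.4.22,GB,vpn,success
2024-03-03T07:58:27Z,jsmith,10.20.4.22,GB,scada-hmi,success
2024-03-04T02:41:09Z,jsmith,203.0.113.77,ZZ,vpn,success
2024-03-04T02:43:51Z,jsmith,203.0.113.77,ZZ,scada-hmi,success
2024-03-04T09:00:00Z,adoe,10.20.5.8,GB,vpn,success
"""

# Assumed: the organisation's own address space, the expected sign-on path.
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16")]
# Assumed: services whose compromise would reach operational technology.
CRITICAL_SERVICES = {"scada-hmi"}


def parse_log(text):
    """Parse the comma-separated sign-on log into a list of dicts, in order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, country, service, result = line.split(",")
        events.append({"timestamp": ts, "user": user, "ip": ip,
                       "country": country, "service": service, "result": result})
    return events


def in_trusted_network(ip):
    """True if the source address falls inside any trusted network."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def find_anomalies(events, min_history=2):
    """Replay successful sign-ons and flag those outside the user's baseline.

    A user needs at least `min_history` earlier successful sign-ons before
    checks apply, so a brand-new account is not flagged on its first day.
    A flagged sign-on is deliberately NOT folded into the baseline: the
    attacker's own activity must not teach the detector that it is normal.
    """
    seen_countries = defaultdict(set)
    history_count = defaultdict(int)
    trusted_only = defaultdict(lambda: True)
    anomalies = []
    for e in events:
        if e["result"] != "success":
            continue
        user, ip, country = e["user"], e["ip"], e["country"]
        reasons = []
        if history_count[user] >= min_history:
            if country not in seen_countries[user]:
                reasons.append("new_country:" + country)
            if trusted_only[user] and not in_trusted_network(ip):
                reasons.append("untrusted_network:" + ip)
        if reasons:
            anomalies.append({
                "timestamp": e["timestamp"], "user": user,
                "service": e["service"], "reasons": reasons,
                "severity": "high" if e["service"] in CRITICAL_SERVICES else "medium",
            })
            continue  # do not learn from a suspicious sign-on
        seen_countries[user].add(country)
        history_count[user] += 1
        if not in_trusted_network(ip):
            trusted_only[user] = False
    return anomalies


if __name__ == "__main__":
    for a in find_anomalies(parse_log(SAMPLE_LOG)):
        print(a["timestamp"], a["user"], a["service"], a["severity"], ", ".join(a["reasons"]))
```

Run as-is, the script flags the two early-morning sign-ons from outside the trusted range and a country the user has never used, with the second one rated high because it reaches the SCADA HMI. The point a practitioner should take from it is the `continue` that keeps flagged events out of the baseline: a detector that learns from every sign-on would accept the attacker's location as normal after the first alert.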
Resolution
Cyber Overwatch promptly alerted the client's operational teams, delivering precise evidence of the attempted breach. Immediate action was taken by Cyber Overwatch under our rules of engagement, to revoke compromised credentials, isolate targeted systems, and enhance access control measures around SCADA infrastructure.
This decisive intervention prevented any unauthorised access to critical operational systems, preserving the integrity and continuity of national infrastructure operations. Access was also revoked to all third-party (TPRM) platforms the user had accessed.
Ongoing Prevention
Following the incident, Cyber Overwatch assisted the client in implementing robust multi-factor authentication (MFA) across their third-party supplier systems, as well as garnering support for the rigorous credential management policies we had recommended prior to the incident. We also helped HR to implement comprehensive staff education programmes to reinforce the importance of unique, secure credentials. These recommendations had struggled to get board support prior to the incident.
Continuous monitoring and advanced threat detection remain in place to provide real-time protection against similar high-risk threats.
Outcome
Cyber Overwatch's rapid detection, clear evidence, and proactive response successfully thwarted a potentially devastating cyberattack. The strengthened cybersecurity posture now provides enhanced protection, ensuring the reliable operation of critical national infrastructure against future sophisticated threats.