The threat landscape in cybersecurity is constantly evolving, reacting to the changing world around it. Whether it be newly found vulnerabilities, new types of ransomware, or supply chain attacks, increasingly sophisticated cyber threats – and some of the old ones – continue to target areas of national interest. The energy sector is no exception.
Here is an exploration of the top five cyberattacks that targeted electricity organizations in 2021:
Top 5 Threats
-
- Ransomware attacks. Ransomware attacks were the most common threat to organizations that use operational technology (OT) in 2020, states data from IBM Security X-Force. When fellow energy-sector company Colonial Pipeline was hit by DarkSide, a malicious ransomware-as-a-service, in 2021, it “also showed how open our energy infrastructure is to cyber attacks.” DarkSide also targeted Norwegian energy technology company Volue ASA, disrupting employee applications and workstations. Rather than holding exfiltrated data for ransom, the files were encrypted – to be decrypted upon payment. The malware also targeted state-owned Brazilian energy utility COPEL, exfiltrating over 1000 gigabytes of data. Seeing the damage one ransomware gang can do raises questions about the capabilities of nation-state attacks. When asked in 2021 whether US adversaries have the capability of interrupting the electricity grid, US Energy Secretary Jennifer Granholm stated, “Yes they do”. She added, “I think there are very malign actors who are trying. Even as we speak, there are thousands of attacks on all aspects of the energy sector and the private sector, generally”.
-
- Supply chain attacks. Referred to as the “year of the software supply chain attacks”, 2021 brought a warning to all utilities running software – which includes the electricity sector. The Department of Homeland Security (DHS) and Office of the Director of National Intelligence released an electricity infrastructure summary as early as 2016, noting it is “a 20th century unidirectional system with relatively linear generation, transmission, and distribution that is evolving into a 21st century multidirectional system with non-linear generation and complex distribution.” In addition to the challenges brought about by old infrastructure, the supply chain for the electricity sector is “increasingly attractive” as a threat vector due to its globalization, which causes lack of visibility and makes this critical infrastructure an easy target. Well-aware of the issue, Cheri Caddy, senior advisor for cybersecurity in DOE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER) stated, “We really can’t tell a lot about where code is developed. It’s assembled from all over the world. Software developers, of course, reuse code libraries, so we don’t know where it comes from. … So it is definitely a potential supply chain vulnerability.” To mitigate this, CESAR is developing “Policies to address digital supply chain vulnerabilities” to be delivered to the White House this year. Says Caddy, “”We’re looking at the full range of policy solutions, and the White House has encouraged us to really think outside of the box.”
-
- Remote work attacks. “When you are working from home, you are not behind the castle walls any more,” warned John Hammond, a cybersecurity researcher at the security firm Huntress. 2021’s work-from-home transition came with some critical risks for an energy sector comprised of essential workers and forced to make the transition – ready or not. According to a 2021 HP security report, 70% of office workers surveyed admit to using their work devices for personal tasks, while 69% are using personal laptops or printers for work activities.” Nearly 30% admitted to sharing devices. Interestingly, the same study revealed “54% of ITDMs saw an increase in phishing; 56% an increase in web browser related infections” and “44% saw compromised devices being used to infect the wider business.” The electricity sector’s employee base of essential workers had to work during the pandemic, and largely did so remotely. In an Electricity Pulse Survey, it was shown that prior to the pandemic, 44% worked remotely. At the time the survey was taken in 2020, the number of was nearly 80%.
-
- OT attacks. Dragos reported that operational technology (OT) attacks tripled in 2020, and in June 2021, CISA published a fact sheet addressing the issue, stating “In recent months, ransomware attacks targeting critical infrastructure have demonstrated the rising threat of ransomware to operational technology (OT) assets and control systems.” Outdated Operational Technology (OT) and Information Technology (IT) are being combined as the digital transformation progresses. This creates specific problems, as many OT systems are far behind in cybersecurity protocols and are unable to receive even remote updates. The US Department of Energy states “Energy companies have few tools to analyze…OT systems for malicious activity, in significant contrast to their information technology (IT) networks.” Consequently, bad actors can leverage those weak points of entry within an OT and pivot to internal IT networks, wreaking havoc.
- Mobile attacks. Bleeping Computer reports that mobile phishing attacks on the energy sector surged by 161% from 2020 to 2021. It continues, ” In terms of geographic targeting, Asia-Pacific tops the list, followed by Europe and then North America. However, there is a rising trend in phishing attacks targeting the global energy industry across the world.” A large portion is due to VPN credential stealing and out-of-date Android operating systems. “Outdated versions of Google and Apple operating systems are still in use across the energy industry. Old versions expose organizations to hundreds of vulnerabilities that can be exploited by bad actors seeking access to an organization’s environment,” explains a report from Lookout.
Securing Our Electricity Resources
The US electric grid has over “7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines” and has been referred to as the “largest interconnected machine” in the world. As such, its sprawling networks are particularly vulnerable to each of the above attacks promulgated so rampantly in 2021. The International Energy Agency stated that for electricity systems in particular, “the threat of cyberattack is substantial and growing, and threat actors are becoming increasingly sophisticated at carrying out attacks – both in their destructive capabilities and their ability to identify vulnerabilities”. As threats increase in sophistication, so must cyber defenses.
Every hospital that is able to operate, cell phone tower that allows communication and power plant that provides electricity to thousands of homes is at the mercy of measures that mitigate cyberattacks. Defending our energy assets not only secures the sector, but everything it protects.
It’s easy to feel lost in the multitude of ever-evolving threats that might affect your business, but Itegriti has a team of dedicated professionals who can help you.