Cyberattacks against energy and utilities industry increasing

Vectra research finds most cyberattacks against the energy and utilities industry transpire and thrive inside enterprise IT networks rather than critical infrastructure.

Vectra has revealed that while industrial control systems are in the crosshairs, most cyberattacks against energy and utilities firms occur and succeed inside enterprise IT networks, not in the critical infrastructure.

Published in the Vectra 2018 Spotlight Report on Energy and Utilities, these and other key findings underscore the importance of detecting hidden threat behaviors inside enterprise IT networks before cyberattackers have a chance to spy, spread and steal. These threat behaviors reveal that carefully orchestrated attack campaigns occur over many months.

Cybercriminals have been launching carefully orchestrated attack campaigns against energy and utilities networks for years. Often lasting several months, these slow, quiet reconnaissance missions involve observing operator behaviors and building a unique plan of attack.

“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration,” said Branndon Kelley, CIO of American Municipal Power, a nonprofit electric-power generation utility that serves municipalities in nine states that own their own electric systems. “It’s imperative to monitor all network traffic to detect these and other attacker behaviors early and consistently.”

Remote attackers typically gain a foothold in energy and utilities networks by staging malware and spear-phishing to steal administrative credentials. Once inside, they use administrative connections and protocols to perform reconnaissance and spread laterally in search of confidential data about industrial control systems.

“The covert abuse of administrative credentials provides attackers with unconstrained access to critical infrastructure systems and data,” said David Monahan, managing research director of security and risk management at Enterprise Management Associates. “This is one of the most crucial risk areas in the cyberattack lifecycle.”

Other key findings in the 2018 Spotlight Report on Energy and Utilities include:

• During the command-and-control phase of an attack, 194 malicious external remote access behaviors were detected per 10,000 host devices and workloads.

• 314 lateral movement attack behaviors were detected per 10,000 host devices and workloads.

• In the exfiltration phase of the cyberattack lifecycle, 293 data smuggler behaviors were detected per 10,000 host devices and workloads.
