F-Secure has released a new report that highlights how the energy industry is vulnerable to increasing cyber sabotage and espionage attacks.
The new F-Secure report highlights that threat actors are persistent and equipped with advanced technologies, while companies are using outdated systems and technologies to save money: a shortsighted attitude towards security, F-Secure points out. This, combined with a lack of prioritization and awareness of security, offers real ‘gifts’ for attackers, warns F-Secure.
According to the report, malicious actors are targeting Critical National Infrastructure (CNI) sites and energy distribution centres at an exponentially growing rate. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for a long time.
“Sabotage and espionage against CNI organizations have increased over the years and I don’t think we’ve seen everything before,” explained Sami Ruohonen, Labs Threat Researcher at the Finnish cyber security multinational F-Secure.
Industrial Control Systems (ICS) are increasingly connected to the Internet. In addition, a considerable number of the CNI systems in use today were installed and built before 24/7/365 Internet connectivity was the norm and before the advent of Stuxnet.
Many Operational Technology (OT) components have integrated remote management features, but they partially or totally lack security protocols such as authentication.
Furthermore, cyber attacks were not a realistic threat when these systems were produced, and legacy protocols and systems never had the integrated security controls that we take for granted today. Moving these systems onto the Internet has opened them up to attacks from a myriad of angles.
Energy industry is a target
“Critical infrastructure, because of its nature, is an interesting target for a foreign state even in peacetime,” Ruohonen points out.
The new F-Secure report on attacks in the energy industry highlights several points.
• A variety of different opponents, each with their own motivations and techniques, constantly try to compromise organizations that manage critical infrastructure.
• The attackers have much more time than their targets and will take months to plan their attack.
• People are the weakest link in production, and company employees are apparently the targets of criminals.
• The attackers continue to succeed mainly due to the lack of mature cybersecurity practices by organizations.
• State-sponsored Advanced Persistent Threat (APT) groups are relentless. They continue to seek access points into CNI networks and espionage opportunities in order to exert political leverage.
The nine attack techniques
The report distinguishes nine different attackers, malware families and techniques that affect the energy industry, with spear phishing turning out to be the most common initial supply chain attack technique.
Keeping a small attack surface, although it is often the best way to mitigate the risk of a cyber attack, is simply not possible in the energy sector.
The report highlights the following nine different threats to the energy industry.
• Operation Sharpshooter (Lazarus Group)
• GreyEnergy (the successor of the BlackEnergy Group)
• BlackEnergy 1, 2 and 3 malware
• ICS side-channel type attack
F-Secure’s advice
As data breaches are a certainty, Ruohonen advises organizations to review their cybersecurity strategy and implement the latest available technologies, such as endpoint detection and response (EDR) solutions.
“EDR is a fast way to significantly increase detection capabilities of both advanced threats and targeted attacks that could overcome traditional endpoint protection solutions. Managed EDR solutions can provide 24/7 monitoring, alert sending and response capabilities. This means that the organization’s IT teams can work during working hours to review the findings, while a team of specialized cybersecurity resources takes care of everything else,” Ruohonen explained.
The full F-Secure report is available as a PDF. More information is available on the F-Secure blog.