With the advent of cryptocurrencies, the vast number of privileged inter-company interactions, and the digitization of critical operations, the utility sector is under greater threat than ever from cyberattacks. To combat these new risks, utilities must protect themselves with a comprehensive cybersecurity strategy focused not only on prevention but also on detection and emergency response.
But what are the new risks facing utility companies?
Ransomware is quickly on the way up, with this type of attack now constituting a whopping 39% of all malware cases according to Verizon’s report.1 This strategy involves locking down critical systems and demanding payment for the release of data.
The city of Atlanta was the victim of a highly-publicized ransomware attack demanding a little over $50,000 worth of bitcoin; however, the city refused to pay the ransom and instead carried out its own emergency system recovery for a total cost of $2.6M.2 This example is common of ransomware operations in that the payment demanded was well below the costs of carrying out the emergency repairs. While paying up may seem like the best option, there is no guarantee that the cybercriminals will honor the terms of the ransom (see what happened to Kansas Hospital).
According to the FBI, ransomware attacks have been on the rise over the past three years, especially against organizations that serve the public.3 This is driven by the increasingly critical role digital systems play in large organizations and the anonymity afforded by cryptocurrency payments. The FBI advises against paying up in ransomware attacks unless absolutely necessary.4
Cryptojacking is a new type of cyber-attack that infects computer systems and uses their resources to mine cryptocurrency. This threat can be considered more as a parasite than a direct attack, as the goal is to leach off the system rather than shut it down or rob funds.
A water utility in Europe was recently the victim of cryptojacking; the malware made its way into the system through the SCADA network and operated for approximately three weeks before being detected.5 This type of threat slows down computing operations and may lead to an unacceptable delay of SCADA communications, causing serious problems for time-critical operations such as the operation of circuit-breakers on power distribution networks.
Spear Phishing Attacks are a modern twist on an old classic. Traditional phishing attacks cast the net as wide as possible to trick any member of the public into giving up sensitive information such as credit card details. These attacks have become easy to identify, leading cybercriminals to move on to the more sophisticated method of spear phishing, which involves researching and attacking a select group of targets. This is an important technique to watch out for considering that 91% of cyber-attacks begin with a spear phishing email.6
Spear Phishing
Critical Infrastructure Attacks are a growing risk as foreign governments start to take advantage of the digitalization of key infrastructure. According to the Department of Homeland Security and the FBI, Russian government cyber actors have been targeting government entities and critical infrastructure (including energy and water) since March 2016.7
These threats typically begin by first infecting a staging target (a software system closely linked to and trusted by the main target) and then using it to get directly to the intended target. The Russian government appears to be primarily gathering information and probing for weaknesses; however, this behavior could escalate into destructive attacks on key infrastructure leaving parts of the country without energy or water.
Supply Chain Attacks take advantage of trusted digital relationships between companies to get malware into target organizations. In World War II, France invested heavily in fortifying their eastern border only to find that the Germans stormed through Belgium and attacked from the north. Similarly, cyber-attacks can easily get into your company via a third party. No matter how much you secure your own system, compromised third parties with privileged access to your critical systems can provide a pathway for malware to get in.
Supply Chain Attack
At least 56% of respondents in the Ponemon’s third-party data risk study reported having experienced a third-party data breach.8
Considering the growing threat posed by these new types of cyber-attacks, it is important that utilities setup a robust cybersecurity strategy focused on preventing malware getting into their systems, detecting malware that manages to get in, and responding quickly to emergency events.
Prevention
As spear phishing is one of the most common causes of malware infection, utilities should work with their staff to prevent this type of attack. Here are three useful tips:
- Avoid putting too much company or personal information online as this could help cybercriminals come up with believable emails
- Avoid clicking links in emails. Check the sender of the email and hover over the link to carefully check whether the URL is a trustworthy site before clicking
- Invest in anti-malware software for more advanced protection including automatic sandboxing of incoming emails
Supply chain attacks also require careful attention as digital relationships with third parties are a big security hole for many utility companies. Do you trust your software vendors? Do you trust your cloud service provider? Do you have a complete list of every organization with privileged access to your system? How secure are their systems? These are the questions you need to start asking yourself if you want to protect yourself.
The utility industry is moving enthusiastically into the cloud; while this technology offers great business benefits, it can also significantly increase exposure to supply chain attacks. When deciding to work with a SaaS (Software as a Service) provider, utilities must ensure themselves that the chosen solution has cybersecurity built in from the bottom up.
Detection
Even with the best line of defense, there is always a chance that a bad actor will get into your system; new threats such as crypto-mining and surveillance by foreign governments don’t draw attention to themselves by stealing money or demanding ransom, so they could easily operate within your organization for weeks or months without detection.
Crypto-currency mining operations consume a large amount of system resource and require frequent online interactions. A comprehensive system monitoring tool can greatly increase the chance of catching rogue applications operating on your system.
As for hostile foreign governments, the US Computer Emergency Readiness Team has prepared a detailed list of suggested measures for both detection and prevention.
Response
On top of prevention and detection, utilities must know how to respond to cyber-attacks, which is why the North American Electric Reliability Corp (NERC) held a simulated cyberattack exercise called GridEx, involving 450 participating organizations. One of the key findings was that utilities need a stronger relationship with third-party software vendors; as these organizations were not contacted during the exercise despite their critical role in cybersecurity.9
At Open, we let utilities enjoy our world-class CIS and field service management solution with the confidence that they are protected by our robust cybersecurity strategy. Our cloud-based service is powered by Microsoft Azure, the platform with the most rigorous security standards on the market to prevent intrusion of malware via supply chain attack. Our system monitoring solution, Open Vital Signs, gives you complete visibility of how our solution is running on your system, helping you to detect any rogue activity consuming system resources and catch cryptojacking operations in their tracks. As for response, when you work with us you have the peace of mind that our knowledgeable support team is at your disposal 24/7 to get your system back up in running in the case of a cyber-attack emergency.
If you are considering CIS and/or mobile workforce management solutions with all the benefits of the cloud, Smartflex offers a bulletproof platform that puts cybersecurity front and center.
(1) https://www.washingtontimes.com/news/2018/apr/10/ransomware-behind-39-percent-malware-cases-verizon/
(2) https://www.wired.com/story/atlanta-spent-26m-recover-from-ransomware-scare/
(3) https://www.npr.org/sections/thetwo-way/2018/03/30/597987182/as-atlanta-seeks-to-restore-services-ransomware-attacks-are-on-the-rise
(4) https://www.forbes.com/sites/haroldstark/2017/02/28/when-attacked-by-ransomware-the-fbi-says-you-shouldnt-pay-up
(5) http://www.eweek.com/security/water-utility-in-europe-hit-by-cryptocurrency-malware-mining-attack
(6) https://digitalguardian.com/blog/91-percent-cyber-attacks-start-phishing-email-heres-how-protect-against-phishing
(7) https://www.us-cert.gov/ncas/alerts/TA18-074A
(8) https://www.opus.com/ponemon/
(9) https://www.utilitydive.com/news/nerc-utilities-failed-to-contact-vendors-during-gridex-cyberattack-simulat/520697/