Energy


  • Operation Sharpshooter Uses Fileless Malware to Attack Global Infrastructure

    December 12, 2018

    The McAfee Advanced Threat Research team detected a malware campaign dubbed Operation Sharpshooter which attacked nuclear, defense, energy, and financial targets from all over the world. As detailed by McAfee’s research team, the campaign dubbed “Operation Sharpshooter” makes use of an in-memory essential to download and execute a second stage payload named Rising Sun. Moreover, the Rising Sun implant ...

  • Saipem servers suffer cyber attack in Middle East

    December 10, 2018

    Italian oil services company Saipem (SPMI.MI) said it had identified a cyber attack out of India on Monday that had primarily affected its servers in the Middle East. “We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities,” the firm said in ...

  • Cloud, cars and IoT could change grid cybersecurity

    November 6, 2018

    The proliferation of connected devices including electric cars could provide grid operators with an operational view of cybersecurity threats and change the way the grid is secured, said Karen Evans, assistant secretary of the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response. While experts generally consider the internet of things to be a risky ...

  • Hackers obtain nuclear power plant plans in France

    November 2, 2018

    Thousands of sensitive documents pertaining to nuclear power plants, prisons and tram networks have been stolen from the servers of a French company in a cyberattack, German and French media have reported Friday. The data illegally accessed from the French company Ingerop back in June amounted to more than 65 gigabytes, according to reports by German ...

  • Utilities, Energy Sector Attacked Mainly Via IT, Not ICS

    November 1, 2018

    Stealing administrative credentials to carry out months-long spy campaigns is a top threat. While industrial control systems (ICS) are the most talked-about when it comes to cyberattacks against energy and utilities firms, most attacks actually take aim at the enterprise IT networks used by these organizations, rather than critical infrastructure itself. The Vectra 2018 Spotlight Report on Energy and ...

  • Industry backs Norway’s AI powerhouse project

    October 2, 2018

    Norway is stepping up its efforts in the rapidly evolving and increasingly commercial artificial intelligence (AI) sector. Participants in the latest programme want to reduce the country’s reliance on oil revenues by tapping into AI opportunities in its growing technology sector. Norway has traditionally played a junior role in the context of Nordic technology development, investment and ...

  • An insider view of a cybersecurity training workshop for employees of Europe’s transmission system operators.

    October 1, 2018

    After the hackers had stealthily accessed the SCADA system and blew the transformer with a loud bang, the defenceless employees had no option but to remove the control plugs and manually turn the machine back on. “That’s what they had to do in Ukraine,” said Michael John, Director of Operations at the European Network for Cybersecurity (ENCS), referring to the world’s ...

  • Cyber security threat to Britain’s oil and gas sites as attack could cause ‘unprecedented damage’

    August 17, 2018

    Brian Lord OBE says a successful attack on its infrastructure could cause “unprecedented damage” and “unrest across the world”. With a complex ecosystem of computation, networking, and physical operational processes spread around the world the industry has a large attack surface with many attack vectors. A typical large oil and gas company uses half a million processors ...

  • Can you recover the power grid after a cyberattack? The Department of Energy finds out

    August 6, 2018

    The US Department of Energy (DoE) is planning a “hands-on” test of the real-world consequences associated with successful cyberattacks against core country services. Cyberattacks levied against critical infrastructure, smart grids, and utilities are not a future possibility; but rather, they are happening now. Ukraine’s power grid blackout in 2016 was one of the first real indicators that ...

  • Poor cybersecurity could destabilise increasingly complex energy grids

    July 26, 2018

    The future of smart energy grids, with automatic management of both supply and demand, is “looking really interesting”, says Phil Kernick, chief technology officer at security firm CQR Consulting. But the current state of the technology and its security is a problem. “The distribution systems and the generation systems were deployed a decade and a half ...

  • No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities

    July 24, 2018

      The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America’s critical infrastructure. Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, ...

  • DNV GL launches cyber security recommended practice

    May 27, 2018

    DNV GL has published a ‘recommended practice on cyber security’ for the oil and gas industry, looking at ‘operational technology’ – such as control and automation systems. The recommended practice addresses how oil and gas companies, together with system integrators and vendors, can manage the cyber threat. The recommended practice is the result of a two-year joint ...

  • A critical security flaw in popular industrial software put power plants at risk

    May 2, 2018

    A severe vulnerability in a widely used industrial control software could have been used to disrupt and shut down power plants and other critical infrastructure. Researchers at security firm Tenable found the flaw in the popular Schneider Electric software, used across the manufacturing and power industries, which if exploited could have allowed a skilled attacker to ...

  • Smart meters could leave British homes vulnerable to cyber attacks, experts have warned

    February 18, 2018

    New smart energy meters that the Government wants to be installed in millions of homes will leave householders vulnerable to cyber attacks, ministers have been warned. The intelligence agency GCHQ is said to have raised concerns over the security of the meters, which could enable hackers to steal personal details and defraud consumers by tampering with ...

  • Plague of the Cyber RATs: How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant

    February 17, 2018

    On a broiling day last August, managers of a huge petrochemical plant in Saudi Arabia discovered to their horror that it had been attacked. The consequences could have been catastrophic: the invaders had seized command of its computerised control-and-safety system, and had the power to damage it severely. The attackers carried no guns, explosives, or conventional weapons. Yet ...

  • UK names Russia as source of NotPetya, USA follows suit

    February 15, 2018

    The United Kingdon’s Foreign and Commonwealth Office has formally “attributed the NotPetya cyber-attack to the Russian Government”, specifically the nation’s military. “The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity,” said a February-15th-dated statement from Foreign Office Minister for Cyber Security Lord (Tariq) Ahmad of ...

  • Analysts: U.S. nuclear modernization plan under-invests in cybersecurity

    January 23, 2018

    The nuclear posture review specifically mentions “expanding threats in space and cyberspace.” Since a leaked draft of the Defense Department’s nuclear posture review was revealed by the Huffington Post, analysts and arms control experts have sounded alarms about language in the document that suggests the Trump administration would broaden the scenarios where it would be acceptable ...

  • Trisis has the security world spooked, stumped and searching for answers

    January 16, 2018

    More than four months have passed since a novel, highly sophisticated piece of malware forced an important oil and gas facility in the Middle East to suddenly shut down, but cybersecurity analysts still don’t know who wrote the code. Since last August, multiple teams of researchers in the public and private sectors have been examining what the ...

  • Dragonfly 2.0: Hacking Group Infiltrated European and US Power Facilities

    September 7, 2017

    The notorious hacking group that has been in operation since at least 2011 has re-emerged and is still interested in targeting the United States and European companies in the energy sector. Yes, I am talking about the ‘Dragonfly,’ a well-resourced, Eastern European hacking group responsible for sophisticated cyber-espionage campaigns against the critical infrastructure of energy companies in different ...

  • Many Factors Conspire in ICS/SCADA Attacks

    August 11, 2017

    Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...