- RagnarLocker ransomware hits EDP energy giant, asks for €10M
April 14, 2020
Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy. The company is present ...
- What to know about cyberattacks targeting energy pipelines
March 1, 2020
The Department of Homeland Security (DHS) this past month disclosed a disruptive cyberattack on a U.S. energy facility, raising new concerns about protections for energy providers. The Cybersecurity and Infrastructure Security Agency (CISA), a division of DHS, said a ransomware attack hit a “natural gas compression facility,” leading to a two-day shutdown for the entire pipeline. While the agency ...
- Ransomware Hits U.S. Electric Utility
February 27, 2020
The Reading Municipal Light Department (RMLD) was infected with ransomware, as revealed in a statement by the electric utility. RMLD did not disclose the details on how their system was infected or the demands of the group behind the malware. There was also no indication of plans to pay ransom to the threat actors. RMLD is an electric utility in ...
- Researchers Use Smart Light Bulbs to Infiltrate Networks
February 6, 2020
Researchers successfully infiltrated networks through a vulnerability in Philips Hue light bulbs. The CVE-2020-6007 vulnerability, which involves the ZigBee communication protocol, can be abused to remotely install malicious firmware in smart light bulbs and spread malware to other internet-of-things (IoT) devices. To make the discovery, Check Point researchers built on earlier studies that showed how to control smart light bulbs. The new finding focused ...
- European Energy Sector Organization Targeted by PupyRAT Malware in Late 2019
January 23, 2020
Over the course of the last year, Recorded Future research has demonstrated that Iran-nexus groups, possibly including APT33 (also called Elfin), have been prolific in amassing operational network infrastructure throughout 2019. Additionally, in November 2019, Microsoft disclosed that APT33 had shifted focus from targeting IT networks to physical control systems used in electric utilities, manufacturing, and oil refineries. We ...
- Zeppelin: Russian Ransomware Targets High Profile Users in the U.S. and Europe
January 11, 2020
Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family initially known as Vega or VegaLocker. Although it’s clearly based on the same code and shares most of its features with its predecessors, the campaign that it’s been part of differs significantly from campaigns involving the previous versions of this malware. Vega samples were first ...
- Oil-and-Gas APT Pivots to U.S. Power Plants
January 10, 2020
A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part of a broader trend in which cybercriminals focused on critical infrastructure are branching ...
- ICS Cyberwarfare: The Latest Threat to America’s Power Grid
November 20, 2019
The modern world is dependent on electricity, and the United States is no exception. I remember the notorious blackouts that affected the eastern U.S. and Canada in August 2003. The duration of the mass power outage lasted anywhere between several hours and a week depending on where you were. I was in Hamilton, Canada, and ...
- 17 US utility firms targeted by mysterious state-sponsored group
September 24, 2019
A mysterious state-sponsored hacking group has targeted at least 17 US utility firms with phishing emails for a five-month period between April 5 and August 29, Proofpoint reported today. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal ...
- Cyber-security incident at US power grid entity linked to unpatched firewalls
September 9, 2019
A cyber-security incident that impacted a US power grid entity earlier this year was not as dangerous as initially thought, the North American Electric Reliability Corporation (NERC) said last week. In a report highlighting the “lessons learned” from a past incident, NERC said hackers repeatedly caused firewalls to reboot for about ten hours, on March 5, ...
- ACSC helps power energy sector’s cybersecurity capabilities
September 4, 2019
The Australian Cyber Security Centre (ACSC) has plugged into energy sector organisations and government agencies to help power their cybersecurity capabilities. The nationwide program — which started in November 2018 – aims to improve the energy industry’s cyber threat resilience and responses. So far, the ACSC has provided cybersecurity incident response and exercise training, information exchange sessions on operational ...
- AMEO ‘concerned’ about nation-state attacks on power grids
August 22, 2019
“For the energy sectors and critical infrastructure sectors, particularly around electricity, we are concerned about nation-state actors,” says Tim Daly, chief security officer (CSO) for the Australian Energy Market Operator (AEMO). “Nation-states are looking to have capability and implants that are persistent within critical organisations,” he told the Gartner Security and Risk Management Summit in Sydney ...
- Adwind Remote Access Trojan Hits Utilities Sector
August 19, 2019
Attackers are targeting entities from the utility industry with the Adwind Remote Access Trojan (RAT) malware via a malspam campaign that uses URL redirection to malicious payloads. Adwind (also known as jRAT, AlienSpy, JSocket, and Sockrat) is distributed by its developers to threat actors under a malware-as-a-service (MaaS) model and it is capable of evading detection by most major anti-malware ...
- How Threat Intelligence Helps the Energy Sector Fight Cyberespionage
August 13, 2019
When it comes to cyber threats, some industries have it harder than others. Few are as heavily targeted by sophisticated cyberattacks as the energy sector. Over the last decade, state-sponsored hacking groups have routinely targeted utility networks and other energy providers for the purposes of espionage and disruption. And according to the latest research, advanced persistent threat (APT) ...
- US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks
July 2, 2019
The US is very close to improving power grid security by mandating the use of “retro” (analog, manual) technologies on US power grids as a defensive measure against foreign cyber-attacks that could bring down power distribution as a result. The idea is to use “retro” technology to isolate the grid’s most important control systems, to limit ...
- U.S. Escalates Online Attacks on Russia’s Power Grid
June 15, 2019
The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said. In interviews over the past three months, the officials described the previously ...
- Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers
March 4, 2019
Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter, the cyber espionage ...
- South African Power Firm Eskom Fails To Secure Customer Data
February 6, 2019
A security researcher resorted to a public tweet about a serious data breach involving customer data, after a South African electricity provider ignored all other pleas to resolve the leak. Security researcher Devin Stokes issued the public tweet to Eskom, which is South Africa’s state-owned electricity company. The fact that Eskom, which supplies 95 percent of the electricity ...
- GreyEnergy’s overlap with Zebrocy
January 24, 2019
In October 2018, ESET published a report describing a set of activity they called GreyEnergy, which is believed to be a successor to BlackEnergy group. BlackEnergy (a.k.a. Sandworm) is best known, among other things, for having been involved in attacks against Ukrainian energy facilities in 2015, which led to power outages. Like its predecessor, GreyEnergy malware has ...
- Electric Vehicle Charging Stations Open to IoT Attacks
December 14, 2018
Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. Given that creating proof-of-concept (PoC) cyberattacks for the Internet of Things (IoT) is essentially like shooting fish in a barrel these days, perhaps it’s not exactly surprising that a new niche category ...