The energy sector is a highly attractive target for cyberattacks, with potentially major repercussions. It is also an industry that is notoriously slow to adopt advanced cybersecurity measures, as evidenced by global utilities lagging behind in aligning themselves with cybersecurity standards.
Interconnected devices are becoming the standard across all facets of technology, from smart cities to teapots and toasters. New IoT devices appear daily, rapidly adding to the 23 billion that already exist. These devices are designed for availability, accuracy and efficient operation. Unfortunately, unprecedented numbers of them are reaching the market with poor security access control and little to no management oversight, making them a prime target for cyberattack. Controlling the device itself is one goal of an attack, but more common and more concerning are the new ways an attacker can use such devices to gain access to corporate, medical or operational networks. As a result, organizations must change the way they approach their security controls: it is no longer feasible to assume a security team can find every endpoint device, much less secure them all.
Unlike other security solutions, Attivo focuses on detecting the threats that have already bypassed perimeter security controls, which determined attackers eventually do. Highly authentic deception traps, along with data, application and credential lures, are deployed to attract an attacker into engaging and revealing their presence. This approach is quick and efficient: customers have cited being able to detect and respond to threats in 15 minutes, a dramatic difference from the 100+ days of dwell time that many organizations contend with. The solution also adds continuous detection value throughout the phases of the kill chain.
Utility-backed venture capital firm invests in company to secure energy operations and security infrastructure

Fremont, CA – March 21, 2019 – Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, today announced that Energy Impact Partners (EIP), a leading utility-backed energy investment and innovation firm, has become a strategic investor in the company. The funding enables Attivo Networks to expand its portfolio of energy sector-specific deception technology and increase its go-to-market activities to broaden its customer base of utility companies around the world.
It is a surprise to no one that computer systems need enhanced protection to reduce their susceptibility to cyberattacks, as recent events such as the WannaCry and NotPetya attacks have shown. These outbreaks proved that government operations and critical infrastructure are as much at risk as corporate systems.
Of particular concern are energy distribution systems, which support nearly every activity in modern society. With this in mind, security professionals at energy companies are exploring ways to protect their operations and our way of life.
Researchers have discovered multiple unpatched vulnerabilities in several radiation monitoring devices that could be leveraged by attackers to reduce personnel safety, delay the detection of radiation leaks, or facilitate the international smuggling of radioactive material.
In a paper (PDF) presented at Black Hat on Wednesday, Ruben Santamarta, principal security consultant at Seattle-based IOActive, disclosed that radiation monitors supplied by Ludlum, Mirion and Digi contain multiple vulnerabilities.
Written By: Carolyn Crandall, CMO & Chief Deception Officer

Recently, SC Magazine published an article covering several vulnerabilities that Positive Technologies found in GE supervisory control and data acquisition (SCADA) systems, through which an attacker could intercept passwords and disrupt utility and factory operations. While these particular vulnerabilities are limited to GE Proficy and Cimplicity SCADA systems, other manufacturers face similar issues. Such vulnerabilities are troubling because most companies are unable to reliably monitor the networks where SCADA systems communicate, and the systems themselves are not consistently patched and updated. SCADA systems were meant to be open, robust, and easy to operate and repair; security is not natively part of their design. Many of these solutions also run on older Windows XP operating systems for which security patches are no longer available, yet, given the cost and complexity of upgrading, they are kept in production. As a result, they remain vulnerable to typical network attacks, and efficient early detection of intrusions against them is a pressing need.
The US Energy Department says the electricity system “faces imminent danger” from cyber-attacks, which are growing more frequent and sophisticated, but grid operators say they are already on top of the problem.
In the department’s Quadrennial Energy Review, it warned that a widespread power outage caused by a cyber-attack could undermine “critical defense infrastructure” as well as much of the economy and place at risk the health and safety of millions of citizens, Bloomberg reported.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) last week published its annual vulnerability coordination report for the fiscal year 2015. The report provides details on the number and types of security holes disclosed to the agency last year.
The Labs team at malware protection company SentinelOne has discovered a sophisticated malware campaign that’s specifically targeting at least one European energy company.
The malware, called SFG, is the mother ship of an earlier sample called Furtim. It targets industrial automation control systems and acts as a dropper that delivers a payload which could be used to extract data or potentially shut down the energy grid.
The malware has been developed to run on devices running any version of Microsoft Windows and has been carefully designed to bypass traditional antivirus software and firewalls, including those that use both static and heuristic techniques. It is also primed to detect when it is being run in a sandbox environment or on systems using biometric access control. Where such defenses are detected, the software re-encrypts itself and stops working until it is released from the sandbox, in order to avoid detection by security analysts.