
Threat actors’ dangerous and rising interest in the global energy industry

The energy sector is no stranger to digital transformation. Like so many industries before it, energy is currently in the midst of significant digital growth, thanks to developments in artificial intelligence (AI), the Internet of Things (IoT), blockchain, and big data. The result is a global energy sector that’s more connected, innovative, and efficient than ever before.

However, the more reliant energy organizations become on these new technologies, the more vulnerable they become to the security gaps they bring. For most, being exploited through these gaps could lead to crippling financial and brand damage. For the energy sector, it could spell countless fatalities and entire nations left quite literally in the dark should critical infrastructure be breached.

Because the energy industry is a vital cornerstone of the global economy, it’s imperative that its IT decision makers are up to the task of understanding the threats surrounding them, the attackers and their motives, and what tools, blueprints and partners are out there to help them survive attacks such as the following, which took place throughout 2020.

Kudankulam’s nuclear power plant

India’s largest nuclear power plant fell victim to a devastating cyber attack earlier this year, the result of data-extracting malware deployed by North Korea’s Lazarus Group. The Nuclear Power Corporation of India Limited (NPCIL) reported the attack, which was eventually discovered by Google’s virus scanner site VirusTotal in time to stop any plant systems from being seriously affected. It was ultimately revealed that the malware entered the system through an employee’s PC upon connecting it to the plant’s core network.

While significant damage was avoided, it was a dangerously close call for the nuclear plant: had the actor been successful in seizing control of the nation’s nuclear plant, there is no predicting the level of destruction that could have been caused in a matter of clicks. It’s no surprise then that investigations following this event deemed the plant’s cyber defenses not up to task.

Russia’s power grid

Tensions between the US and Russia rose this year as the US upped its digital presence in the nation’s electric power grid, a direct response to warnings from the Department of Homeland Security and the FBI that Russia had deployed a dangerous malware into the US’s power, oil, and gas infrastructure. This swiftly led to the Trump administration deploying further undisclosed tools in a bid to break into the Russian infrastructure, and even declaring foreign cybersecurity threats to the US a national emergency.

Neither state has significantly escalated its foothold in the other, or used that foothold to declare war, though both have seen themselves locked in a cold-war-style standoff, one that could result in all-out war – and the devastation that means – at a moment’s notice.

Britain’s electricity market

Finally, this year saw the UK organization responsible for facilitating payments across the UK electricity market, Elexon, fall victim to a sophisticated attack from cybercriminals. Though no Britons suffered outages or energy disruptions as a result of the attack, Elexon was locked out of its emails, communications, and IT systems by the ransomware. The company has yet to comment on the precise cost of this attack, though it’s expected to face “a long and expensive road to recovery”. Despite this, given how ingrained Elexon is in the UK’s electricity market, it is not a far stretch to see how the criminals in question could have leveraged Elexon’s reach and infiltrated and disrupted the nation’s electricity supply.

Preparing for the future

To avoid further attacks of this nature, it’s clear that the energy sector must commit to improving its current security measures as it moves into 2021 and beyond. They must better understand cyber risks and how to mitigate them, better champion their own security culture, and invest in platforms that provide robust threat intelligence to support them. Only by doing this can energy organizations hope to meet the challenges ahead of them and properly mitigate them when the time comes.

Blueliv’s latest whitepaper delves into the threats facing the energy industry, as well as the actors behind them, necessary strategies, and the role threat intelligence plays in true security. Blueliv hosts a global community of thousands of cybersecurity experts, the Blueliv Threat Exchange Network, and encourages them to share news, views, IOCs and more. The network encourages information sharing, is free to join, and gives members access to our free proprietary elastic sandbox and a close-to-real-time cyberthreat map.
