The energy sector is experiencing a massive digital transformation. This process is revolutionizing energy production, transmission, storage, and consumption. Energy infrastructures are complex systems that were built many years ago and were not originally interconnected with digital equipment. The adoption of intelligent technology, such as artificial intelligence (AI) for monitoring systems, is enabling new business models as well as more effective asset management. But digitization poses new challenges. Cyber risks can potentially impact every operation within a power plant, particularly with the increased use of connected industrial devices or automated controls. This blog post delves into the cyber security threats in the energy sector.
What increases the vulnerability of the energy sector?
Cyber attacks are on the increase and the energy sector is an important target for criminals. Energy infrastructures have turned into highly distributed systems, which require proactive protection. The following three factors increase the vulnerability of the energy sector.
The rapid pace of technological innovation
The transformation of the energy system is already underway. It is driven by the need to expand access to secure energy, and enabled by emerging innovative technical solutions. In the most basic sense, technological innovation is seen as a critical enabler of progress. However, the exponential growth in technological innovations in the energy sector increases the levels of indiscriminate and targeted cyber attacks. As a result, energy companies are aggressively developing strategies to address their security deficiencies and boost the security of their digital assets.
The increasing sophistication of cyber attacks
It is generally accepted that cyber attacks have become more sophisticated over the years. These attacks may come from organized crime groups, industrial espionage teams, cyber terrorists and even nation states. Moreover, these multi-vector attacks exploit unknown and complex vulnerabilities, causing significant negative impacts on a large scale. So, the rising sophistication of cyber attacks in the energy sector has the potential to damage large numbers of entities across large geographic regions.
The sector’s attractiveness as a cyber target
The energy industry is an IP-intensive industry. In other words, it holds massive intellectual property. It's no secret that IP is at the core of the competitiveness of many organizations. Mainly for that reason, the sector is an attractive target for cyber criminals and for cyber espionage. Cyber espionage against the energy sector may be rooted in political and economic motives, and may give the actor access to knowledge that presents a technological advantage, constituting a potential threat to energy security.
5 biggest cyber attacks against the energy sector
A number of adversaries, each with their own motives, have striven to compromise organizations that operate critical infrastructure. We are sharing 5 big names that stand out, as they left their marks on the industry.
December 2016. Ukraine's power grid was affected by a novel malware attack, which left parts of Kiev in complete darkness. This was the first known case of malware created specifically to hit electrical grid systems. Once it infects Windows machines, it automatically maps out control systems and records network logs to send to its operators.
Furthermore, once the malware connects to the internet, it has the potential to adapt to numerous protocols. Worse yet, it damages all the files on the system and removes its traces after completion. As a result of this incident, nearly a fifth of the station's power capacity was cut off. The malware is extremely dangerous as it could last for hours and even days, so it has obtained the nickname of Industroyer. After all, the CrashOverride malware appeared not to have utilized its maximum functionality.
GreyEnergy is an Advanced Persistent Threat, or simply APT, which has targeted industrial networks in Ukraine and Eastern European countries for the last several years. According to a report by ESET, GreyEnergy malware was part of the new cyber arsenal of the BlackEnergy APT group. Their key toolset was last observed in 2015 during the Ukraine power grid cyber attack. This malware mainly used phishing emails as its initial infection method.
ESET researchers tracked the activities of the GreyEnergy group for many years. They found that the design and architecture of the GreyEnergy malware were very similar to those of the BlackEnergy malware. Briefly, the techniques used were not new; however, both the tools and the tactics employed were intelligently chosen.
Havex malware targeted organizations in the energy sector, and it was developed to conduct industrial espionage against a number of companies in Europe. Within the energy sector, this malware particularly targeted energy grid operators, major electricity generation companies, petroleum pipeline operators, and industrial equipment providers. Besides that, it also hit organizations in the aviation, defense, and petrochemical industries.
The attackers utilized watering hole tactics, which are designed to reach employees of big enterprises within a specific sector through popular websites. The main objective is to infect a user's computer with malicious code to obtain access to the network at the user's place of employment. Apart from these tactics, attackers leveraged spam and exploit kits to spread the malware. In a nutshell, this malware was an intelligence-gathering tool used for espionage and not for the disruption of industrial systems.
Operation Sharpshooter was disclosed in December of 2018. It used a novel implant framework to hack global critical infrastructure players, including nuclear and energy companies. The espionage campaign started when a set of malicious files was delivered to targets via Dropbox. Once downloaded, these files placed embedded shellcode into the memory of Microsoft Word.
This shellcode then operates as a simple downloader for a second-stage implant. This stage runs in memory and gathers intelligence from the victim's network. The campaign targeted 87 organizations across a broad spectrum of companies internationally.
Did you know?
Operation Sharpshooter's tactics are related to those of other campaigns, including a similar deceptive job recruitment campaign conducted by Lazarus Group in 2017.
In mid-November 2017, attackers utilized the sophisticated TRITON attack framework to control industrial safety systems at a critical infrastructure facility and accidentally caused a process shutdown. FireEye, a cyber security solutions provider, stated that the intrusion tools the malicious actors used were developed by humans, and that they showed perceivable human strategies and preferences.
This malware specifically targeted Schneider Electric’s Safety Instrumented Systems, the Triconex Emergency Shut Down (ESD) system. During this sophisticated attack, the actor utilized many custom intrusion tools to obtain and maintain access to the target’s IT and operational technology networks.
The impact of a successful attack on a SIS target could be devastating, because the attacker could manipulate the configuration of a safety system. TRISIS malware is a highly targeted tool that enables the attacker to completely modify the ladder logic on infected devices.
Now you know about cyber security threats in the energy sector
Cyber attacks on the energy sector are becoming increasingly targeted and sophisticated. The impact of a cyber attack can be devastating for energy companies as well as the public. Yet the means of cyber attack constantly change, which means that a defence system that operates perfectly today may not be effective tomorrow. It is crucial that the energy sector stays aware of what is happening in cyber security and continues to work to mitigate likely vulnerabilities in the systems it controls.