Electric Grids Targeted For Cyber Attacks
Some of the world's most dangerous hackers have zeroed in on the US power sector. Currently the electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems and operations technology for a variety of purposes.
Attacks on electric systems, like attacks on other critical infrastructure sectors, can further an adversary’s criminal, political, economic, or geopolitical goals.
As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.
A power disruption caused by a cyberattack can originate in several parts of an electric system: disruption of the operational systems, attacks on enterprise environments that enable a further attack through interconnected and interdependent IT systems, or direct compromise of digital assets. According to a report by dragos.com, an Iranian-sponsored hacking group called Magnallium has been trying to get access to American electric utilities for at least a year.
Another hacking group, called Xenotime, has been spotted hitting US electric utilities with "reconnaissance and potential initial access operations" since late last year. The group, infamous for infecting the safety systems of a Saudi petrochemical plant with highly specialised, life-threatening malware two years ago, isn't known to have broken through to the sensitive controls of US power plants or substations.
The hackers have been trying to guess passwords for hundreds of accounts linked to US electric utilities, plus oil and gas firms, a technique known as “password-spraying.” This chimes with findings from Microsoft, which revealed it had seen a similar campaign in November 2019.
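One way a defender can spot the pattern described above in authentication logs, shown as an added example that is not part of the original article or the Dragos report. The log format, addresses, account names and thresholds are all assumptions made up for the illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format: ISO timestamp, source IP, account, result).
SAMPLE_LOG = """\
2019-11-04T08:00:05 203.0.113.7 alice FAIL
2019-11-04T08:02:11 203.0.113.7 bob FAIL
2019-11-04T08:04:30 203.0.113.7 carol FAIL
2019-11-04T08:06:02 203.0.113.7 dave FAIL
2019-11-04T08:08:47 203.0.113.7 erin FAIL
2019-11-04T08:10:19 203.0.113.7 frank FAIL
2019-11-04T08:01:00 198.51.100.9 bob FAIL
2019-11-04T08:01:02 198.51.100.9 bob FAIL
2019-11-04T08:01:04 198.51.100.9 bob FAIL
2019-11-04T08:01:06 198.51.100.9 bob FAIL
2019-11-04T08:15:00 192.0.2.44 carol FAIL
2019-11-04T08:15:20 192.0.2.44 carol OK
"""

def failed_logins(log_text):
    """Group failed attempts as {source: [(time, account), ...]}, skipping malformed lines."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] == "FAIL":
            failures[parts[1]].append((datetime.fromisoformat(parts[0]), parts[2]))
    return failures

def detect_spray(log_text, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources that fail against many distinct accounts, a few tries each, inside one window."""
    flagged = {}
    for src, events in failed_logins(log_text).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            per_account = Counter(user for _, user in events[start:end + 1])
            # Many accounts with few tries each is a spray; many tries on one account is brute force.
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                if len(per_account) > len(flagged.get(src, [])):
                    flagged[src] = sorted(per_account)
    return flagged

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

Per-account lockout counters miss this pattern because each account sees only one or two failures, which is why the check groups by source and counts distinct accounts.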
According to industry sources, it's unlikely the hackers currently have the ability to cause blackouts in the US, but they could potentially still disrupt a power station's computer network.
In March 2019, hackers did use firewall vulnerabilities to cause periodic "blind spots" for grid operators in the western US for about 10 hours. It was the first known time a cyberattack has caused that kind of disruption at a US power grid company, although it did not affect the actual flow of electricity.
Infrastructure owners need to be constantly vigilant about cybersecurity and make sure their employees are following basic security advice, such as using strong, unique passwords, as well as adopting more sophisticated protection.