The DarkSide ransomware attack on the Colonial Pipeline has finally brought home just how vulnerable the power grid currently is to cyber-attack. With cybercriminals shifting their attention away from the finance and healthcare sectors due to law enforcement’s spotlight there, the power grid has become the ‘big game hunt’ of choice for cybercriminals with nation state backing.
So, what are the current trends in ransomware attacks and what should the power grid be preparing for? First and foremost, it is important to note that the number of crime-as-a-service (CaaS) offerings on the dark web has seen a sharp rise in the past year. And, in the current geopolitical climate, nation state actors are partnering with ransomware-as-a-service (RaaS) providers to reap mutual benefit. So, our cyber adversaries are getting stronger, bolder, and more motivated than ever before.
In addition, advances in encryption technologies are paving the way for more innovative ransomware toolkits that are easier to deploy and more difficult to decrypt. Coupled with the rise in the value of cryptocurrency and the inclusion of ransomware payouts in corporate insurance policies, it has become well worth attackers’ time and effort to target big, carry out extensive reconnaissance, maximise data exfiltration, and bring power grid operations to a halt in a blackout.
However, there is hope on the horizon! Whilst the average ransomware payout increased by 43% in just the last quarter, there are signs that far fewer organisations are agreeing to pay at all, because there have been no guarantees of complete data recovery and privacy, regardless of payout.
This will go a long way toward deterring repeat attacks in the long term. And, in the short term, power grid cybersecurity teams will need to maximise their cyber hygiene, put in place a robust multi-faceted data backup strategy, turn up the volume on their incident reporting, and take back ultimate control of the power grid by naming and shaming the attackers into solitary confinement.
To learn more about the latest trends, innovations and countermeasures for ransomware attacks on the power grid, join our 60-min webinar Combatting Ransomware Attacks, scheduled to take place at 16:00 CET, Wednesday 30th June 2021. To register yourself and your team free-of-charge, please visit the webinar website and book your places today.
Please enjoy this week’s selection of news, views and resources below, and feel free to share this newsletter with colleagues in other departments, and peers in other organisations.
News, Views & Resources
REPORT: FireEye. M-Trends 2021.
Security practitioners faced a series of challenges in this past year which forced organizations into uncharted waters. As ransomware operators were attacking state and municipal networks alongside hospitals and schools, a global pandemic response to COVID-19 necessitated a move to remote work for a significant portion of the economy. Organizations had to adopt new technologies and quickly scale outside of their normal growth plans.
REPORT: Dragos. Ransomware in ICS Environments.
Although many ransomware strains impacting industrial control systems (ICS) and related entities are IT-focused, such ransomware can have disruptive impacts on operations. Ransomware can directly impact the operational technology (OT) environment if it is able to bridge the gap between enterprise and operations due to improper security hygiene. Ransomware can also have indirect access on operations by impacting resources such as logistics, fleet management, sales operations and fulfilment, or loss of view to enterprise resource management tools.
REPORT: Splunk. Ransomware 101. Key Ways to Combat Ransomware.
Ransomware is a growing problem for organizations of every size with the numbers of attacks and the money spent to clean up the damage on the rise. Ransomware now regularly steals the headlines and gone are the days when it is just a minor corporate issue. Ransomware attacks typically target vulnerabilities on endpoints, preying on organizations that may not be fully up to date in their “security hygiene.”
ARTICLE: Wired. The Colonial Pipeline Hack Is a New Extreme for Ransomware.
For years the cybersecurity industry has warned that state-sponsored hackers could shut down large swathes of US energy infrastructure in a geopolitically motivated act of cyberwar. But now apparently profit-focused cybercriminal hackers have inflicted a disruption that military and intelligence agency hackers have never dared to, shutting down a pipeline that carries half the fuel consumed on the East Coast of the United States.
VIDEO: Ransomware in ICS: Impacting Critical Infrastructure and Operations.
Ransomware attacks on industrial entities are increasing, with strains adopting ICS-aware mechanisms to disrupt OT systems. Ransomware operators are incorporating data theft operations into their attack techniques, posing greater concern and legal issues for victims. This session will discuss risks and consequences associated with these activities impacting ICS, and how to defend against them.