Cyber Attacks Against Energy Sector Jump in 2013: ICS-CERT

New data from the U.S. Department of Homeland Security revealed that the department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 200 incidents between Oct. 2012 and May 2013.

The roughly 200 incidents occurred across all critical infrastructure sectors. According to the data, the highest percentage of incidents reported to the organization occurred in the energy sector (53 percent). The next highest percentage belonged to the critical manufacturing sector, which reported 17 percent of the incidents ICS-CERT investigated.

“The majority of these incidents involved attacker techniques such as watering hole attacks, SQL injection, and spear-phishing attacks,” according to an ICS-CERT report. “In all cases, ICS-CERT evaluates the information available to determine if successful compromise has occurred, the depth and breadth of the compromise, and the potential consequences to critical infrastructure networks.”

[Figure: ICS-CERT Chart of Attacks by Industry]

While most of ICS-CERT’s response activities are conducted remotely – through analysis of malware, log files, etc. – ICS-CERT also deploys onsite teams to affected entities to review network topologies, identify infected systems and collect other data as needed. During the aforementioned months – which make up the first half of fiscal year 2013 – ICS-CERT deployed five onsite teams, compared to six for all of fiscal year 2012. All of the incidents involved “sophisticated threat actors who had successfully compromised and gained access to business networks,” according to the report.

Those numbers represent a drastic change from past years. Last year, ICS-CERT revealed that it dealt with just nine incident reports back in 2009. In 2010, that number stood at 41. By 2011, the number had reached 198, with seven resulting in the deployment of onsite incident response teams. The most common threat vector for network intrusion was spear-phishing, which accounted for seven of the 17 incidents between 2009 and 2011 that triggered an onsite assessment by ICS-CERT.

According to ICS-CERT, 11 of those 17 incidents were perpetrated by “sophisticated threat actors” trying to steal data.

“The recent report by the DHS ICS-CERT is further proof that malicious actors see the energy sector as a target that is ripe with opportunity and one that is still quite susceptible to being exploited,” said Lila Kee, North American Energy Standards Board member and chief product and marketing officer at GlobalSign. “The report notes that the first half of 2013 yielded 200 brute-force cyber-attacks, surpassing 2012’s total of 198 attacks. Although attacks on major gas and electric systems are nothing new to those in the industry, these facts serve as evidence that low-level criminals, all the way up to state-sponsored groups see the value in compromising our nation’s critical infrastructure.”

The documented frequency and intensity of these attacks show that the world has entered into a new era that requires the energy sector and other critical infrastructure companies to follow US-CERT recommendations and report cyber incidents quickly, she said. Those corporations should also implement security standards to apply preventative measures to prepare for the ever-increasing number of attacks, she added.

Written By

Marketing professional with a background in journalism and a focus on IT security.
