CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Energy Sector Faces Rocky Cyber-Threat Landscape: Report

It should come as no surprise to anyone that attackers are interested in critical infrastructure companies. But the level and sophistication of the attacks targeting the energy sector are more than enough to give the security community pause.

It should come as no surprise to anyone that attackers are interested in critical infrastructure companies. But the level and sophistication of the attacks targeting the energy sector are more than enough to give the security community pause.

The threat landscape these companies are facing is the subject of a new paper from security firm Symantec, which takes a long look at the dangers circling the industry. Between July 2012 to June 2013, Symantec saw an average of 74 targeted attacks per day across the globe. Of these, nine attacks per day targeted the energy sector.

“Accounting for 16.3 percent of all attacks, the energy sector was the second most targeted vertical in the last six months of 2012, with only the government/public sector exceeding it with 25.4 percent of all attacks,” Symantec noted. “The high ranking was mainly due to a major attack against a global oil company, which we observed in September 2012. However, in the first half of 2013 the energy sector continued to attract a high proportion of attacks, ranking in fifth place with 7.6 percent of targeted attacks.”

Energy Industry Targeted by Cyber Attacks

The motivations and origins of attacks can vary, with both business and political rivalries playing a part. According to Symantec researcher Candid Wueest, it is not uncommon for rival companies to commission attacks against fellow corporations, and hacker-for-hire groups such as the ‘Hidden Lynx’ group are more than willing to participate.

Next on the list are politically-minded hackers who sometimes work for foreign governments, he added.

Advertisement. Scroll to continue reading.

“State-sponsored hackers could target energy firms in an attempt to disable critical infrastructure,” he noted. “Hacktivist groups may also victimize companies to further their own political goals.”

Typically, the attackers go after valuable information, but when the goal of the attack is sabotage, this might not be the case. Nevertheless, attacks focused on sabotage such as Stuxnet and Shamoon can still lead to significant financial losses for companies, and are often the work of state-sponsored agents or hacktivists, Symantec noted.

“Fortunately, there have not been many successful sabotage attacks against energy companies to date,” according to the paper. “However, the increasing number of connected systems and centralized control for ICS systems means that the risk of attacks in the future will increase. Energy and utility companies need to be aware of these risks and plan accordingly to protect their valuable information as well as their ICS or SCADA networks.”

“Our research has found that modern energy systems are becoming more complex,” blogged Wueest. “There are supervisory control and data acquisition (SCADA) or industrial control systems (ICS) that sit outside of traditional security walls. And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices.”

“In addition to this, many countries have started to open the energy market and add smaller contributors to the electric power grid, such as private water power plants, wind turbines or solar collectors,” he continued. “While these smaller sites make up only a small portion of the grid, the decentralized power input feeds can be a challenge to manage with limited IT resources and need to be carefully monitored to avoid small outages that could create a domino effect throughout the larger grid.”

The paper can be downloaded here.

Related: Cyber Attacks Against Energy Sector Jump in 2013

RelatedCyber Attacks Targeted Key Components of Natural Gas Pipeline Systems

Related: Energy Sector at Higher Risk of Brute Force Attacks and Malware Threats

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.