It should come as no surprise to anyone that attackers are interested in critical infrastructure companies. But the level and sophistication of the attacks targeting the energy sector are more than enough to give the security community pause.
The threat landscape these companies are facing is the subject of a new paper from security firm Symantec, which takes a long look at the dangers circling the industry. Between July 2012 and June 2013, Symantec saw an average of 74 targeted attacks per day across the globe. Of these, nine attacks per day targeted the energy sector.
“Accounting for 16.3 percent of all attacks, the energy sector was the second most targeted vertical in the last six months of 2012, with only the government/public sector exceeding it with 25.4 percent of all attacks,” Symantec noted. “The high ranking was mainly due to a major attack against a global oil company, which we observed in September 2012. However, in the first half of 2013 the energy sector continued to attract a high proportion of attacks, ranking in fifth place with 7.6 percent of targeted attacks.”
The motivations and origins of attacks can vary, with both business and political rivalries playing a part. According to Symantec researcher Candid Wueest, it is not uncommon for rival companies to commission attacks against fellow corporations, and hacker-for-hire groups such as the ‘Hidden Lynx’ group are more than willing to participate.
Next on the list are politically-minded hackers who sometimes work for foreign governments, he added.
“State-sponsored hackers could target energy firms in an attempt to disable critical infrastructure,” he noted. “Hacktivist groups may also victimize companies to further their own political goals.”
Typically, the attackers go after valuable information, but when the goal of the attack is sabotage, this might not be the case. Nevertheless, attacks focused on sabotage such as Stuxnet and Shamoon can still lead to significant financial losses for companies, and are often the work of state-sponsored agents or hacktivists, Symantec noted.
“Fortunately, there have not been many successful sabotage attacks against energy companies to date,” according to the paper. “However, the increasing number of connected systems and centralized control for ICS systems means that the risk of attacks in the future will increase. Energy and utility companies need to be aware of these risks and plan accordingly to protect their valuable information as well as their ICS or SCADA networks.”
“Our research has found that modern energy systems are becoming more complex,” blogged Wueest. “There are supervisory control and data acquisition (SCADA) or industrial control systems (ICS) that sit outside of traditional security walls. And as smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices.”
“In addition to this, many countries have started to open the energy market and add smaller contributors to the electric power grid, such as private water power plants, wind turbines or solar collectors,” he continued. “While these smaller sites make up only a small portion of the grid, the decentralized power input feeds can be a challenge to manage with limited IT resources and need to be carefully monitored to avoid small outages that could create a domino effect throughout the larger grid.”
The paper can be downloaded here.