
Tech Talk | Cybersecurity – the growing threat landscape


New research on the cybersecurity landscape by services provider Trustwave has found a significant increase in ransomware attacks in the energy and utilities sector.

The cybersecurity landscape is becoming increasingly complex for utilities, as the number of connected devices is mushrooming – smart meters, sensors and home devices, all, in theory at least, a potential point of cyber vulnerability.

But there is also the threat of a growing number of attacks and with it the probability of being targeted.

Ransomware, in particular – where data is held or encrypted or threatened for public release subject to the payment of a ransom, usually in the form of a hard-to-trace cryptocurrency – has seen a massive increase, according to Trustwave.


In the period from mid-2022 to mid-2023, the company reports 137 ransomware attacks, based on claims on groups’ extortion websites.

But in the following year to mid-2024 the number was up by over 80% to 257 attacks – and while there was a slowing in the second half of 2024, there is still another six months to go to assess the current status.

It also was found that almost half of the attacks were in the United States and around a tenth in the EU and that there are a small number of groups as well as new, emerging groups performing most of the attacks.

For example, since mid-2022, LockBit performed the most at 85, followed by AlphV with 36, while in the second half of 2024 almost one in five were launched by Hunters International and one in seven by Qilin in their increasing targeting of utilities.

Phishing was found to remain a top tactic, responsible for 84% of the breaches in the sector, and the majority of attackers, 96%, relied on remote services to move laterally.

The average financial impact of a data breach also reached nearly $500,000 higher than the overall cross-industry average.

Trustwave suggests several possible reasons for the targeting of the energy and utilities sector, of which one is that it consists of prosperous organisations with considerable revenues, thus making them lucrative targets.

Another is the interconnected nature of the sector, with, as already noted, the multiple entry points for cyber attackers.

There is also potential for widespread societal impact and, coupled with a longer recovery time compared to other sectors, disruption has high operational costs.

Cybersecurity challenge

Trustwave notes that cybersecurity in the energy and utilities sector is particularly challenging due to the heavy reliance on the integration of physical infrastructure and digital systems, increasing regulatory pressure and ageing legacy systems.

The rising frequency of ransomware attacks against the energy and utilities sector underscores the need for robust cybersecurity resilience strategies, designed to proactively identify, mitigate and respond to breaches and ransomware attacks, the company states in the report.

For example, network segmentation should be implemented between the OT and IT networks to prevent lateral movement of attackers within systems and there should be investment in threat detection and response tools.

Other obvious best practices include regular updates and patching of systems and the conducting of regular security assessments, as well as regular awareness and training for employees.

Trustwave CISO Kory Daniels, commenting on the review, said that resilience to threats, both nefarious and incidental, is critical for the success of the energy and utilities sector.

“To achieve effective threat resilience, asset and exposure management, infrastructure and code testing, OT and IT cyber defence and business continuity and disaster recovery programmes, such cybersecurity measures will increasingly require innovative collaboration between public and private sectors.”

Global cybersecurity outlook

Alongside this focus on the energy and utility sector, cybersecurity has come under the spotlight in the World Economic Forum, with a new study based on input from a wide range of organisations pointing to the increasing complexity of the cyber landscape.

While larger organisations are showing steady progress in their cyber resilience, smaller organisations are found to be struggling and indeed many believe they have reached a critical tipping point where they can no longer adequately secure themselves against the growing complexity of cyber risks.

The disparity is further marked regionally with the lack of confidence in countries’ abilities to respond to major cyber incidents targeting critical infrastructure more than twice as great in Africa and Latin America as in Europe and North America.

Public sector organisations also appear to be disproportionately affected, also lacking the necessary talent to meet their cybersecurity goals.

Another key issue highlighted in the report is that supply chain vulnerabilities are emerging as the top ecosystem cyber risk.

This is due to the increasing complexity of supply chains, coupled with a lack of visibility and oversight into the security levels of suppliers, and a key concern is software vulnerabilities introduced by third parties and propagation of cyberattacks throughout the ecosystem.

The rapid adoption of AI also is introducing new vulnerabilities and generative AI is augmenting cybercriminal capabilities, contributing to an uptick in social engineering attacks.

Almost half of the organisations contributing to the Forum’s review reported the incidence of such attacks in 2024.

Jonathan Spencer Jones

Specialist writer
Smart Energy International
