Energy industry vulnerable to increased cyber espionage and sabotage attacks

F-Secure’s report highlights that threat actors are advanced and persistent, but companies are using outdated systems and technology to save money. Poor security posture, prioritization, and awareness are also gifts to attackers.
Helsinki, Finland – April 16, 2019: Malicious actors are targeting critical infrastructure (CNI) sites and energy distribution facilities exponentially. Interconnected systems in the energy industry increase vulnerabilities, and cyber attacks often go undetected for some time.
As energy companies save costs against the backdrop of lower oil prices, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences.
“Espionage and sabotage attacks against CNI organizations have increased over the years and I don’t think we have seen it all yet,” says Sami Ruohonen, Labs Threat Researcher at Finnish cyber security company F-Secure.
Industrial Control Systems (ICS) are increasingly being connected to the Internet, and a considerable number of CNI systems in use today were built and installed before 24/7/365 internet connections were the norm and before the advent of Stuxnet. Many Operational Technology (OT) components have built-in remote operation capabilities, but are either partly or entirely lacking in security protocols such as authentication.
Moreover, cyber attacks were not a realistic threat when these systems were manufactured, and legacy protocols and systems never had the built-in security controls that we take for granted today. Transitioning these systems to the Internet has opened them up to attacks from a myriad of angles.
“Critical Infrastructure due to its nature is an interesting target for a foreign nation-state, even during peacetime,” Ruohonen explains.
F-Secure’s report shows that:
- A variety of different adversaries, each with their own motivations and tradecraft, constantly strive to compromise organizations that operate critical infrastructure
- Attackers have more time than their targets and will take months to plan their attack
- People are the weakest link in production, with company employees seemingly being criminals’ go-to target
- Attackers continue to succeed mainly due to organizations’ lack of mature cyber security practices
- Nation-state sponsored Advanced Persistent Threat (APT) groups are relentless, and continue to seek network foothold positions on CNIs and espionage opportunities in the interests of exercising political leverage
- Nine different attackers/malware/techniques targeting the energy industry stand out, with spear phishing being the most common initial supply chain attack technique
- Keeping a small attack surface in the energy industry – while often pitched as the best way to mitigate the risk of a cyber attack – is simply not possible
While breaches are a certainty, Ruohonen advises organizations to review their cyber security posture to implement the latest technologies such as an endpoint detection and response (EDR) solution.
“EDR is a quick way to tremendously increase capabilities to detect and respond to advanced threats and targeted attacks which might bypass traditional endpoint solutions,” he explains. “Managed EDR solutions can provide monitoring, alerting, and response to cover the needs 24/7. This means organizations’ IT teams can operate during business hours to review the detections while a specialized cybersecurity team takes care of the rest,” says Ruohonen.
The complete report is available here
Nobody knows cyber security like F-Secure. For three decades, F-Secure has driven innovations in cyber security, defending tens of thousands of companies and millions of people. With unsurpassed experience in endpoint protection as well as detection and response, F-Secure shields enterprises and consumers against everything from advanced cyber attacks and data breaches to widespread ransomware infections. F-Secure’s sophisticated technology combines the power of machine learning with the human expertise of its world-renowned security labs for a singular approach called Live Security. F-Secure’s security experts have participated in more European cyber crime scene investigations than any other company in the market, and its products are sold all over the world by over 200 broadband and mobile operators and thousands of resellers.
Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.
F-Secure media relations
+49 176 7003 6664