Cyberattacks on energy and utility companies increase
Attacks on infrastructure and energy companies are increasing, but they are occurring inside enterprise IT networks rather than in the critical infrastructure itself, according to a new report.
AI-powered attack detection specialist Vectra finds that attackers typically gain a foothold in energy and utility networks by staging malware and spear-phishing to steal administrative credentials.
Once inside, they use administrative connections and protocols to perform reconnaissance and spread laterally in search of confidential data about industrial control systems.
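The two behaviors just described, lateral movement over administrative protocols and remote access to external hosts, are visible in ordinary connection logs. The following Python is an added example, not code from the report or from Vectra's product; the log format, the set of administrative ports, the internal address ranges, the fan-out threshold and the sample records are all constructed assumptions, chosen to show how a defender might flag the patterns the report counts.

```python
"""Toy network-metadata detector for two of the behaviors named above:
lateral movement over administrative protocols and external remote access.
Added example; log format, ports, thresholds and ranges are assumptions."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Administrative protocols commonly used for remote management (assumed set).
ADMIN_PORTS = {22: "ssh", 135: "rpc", 445: "smb", 3389: "rdp", 5985: "winrm", 5986: "winrm"}

# Address ranges this (hypothetical) organization treats as internal.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One source reaching this many distinct internal hosts over admin ports is flagged.
LATERAL_FANOUT = 5

# Constructed sample records: "timestamp src dst dport proto".
SAMPLE_LOG = """\
# 10.1.1.20 sweeps six internal hosts over SMB/RDP (lateral movement pattern)
2024-01-01T08:00:01 10.1.1.20 10.1.1.50 445 tcp
2024-01-01T08:00:02 10.1.1.20 10.1.1.51 445 tcp
2024-01-01T08:00:03 10.1.1.20 10.1.1.52 3389 tcp
2024-01-01T08:00:04 10.1.1.20 10.1.1.53 445 tcp
2024-01-01T08:00:05 10.1.1.20 10.1.1.54 5985 tcp
2024-01-01T08:00:06 10.1.1.20 10.1.1.55 445 tcp
# 10.1.1.21 manages a single server: normal admin traffic, below threshold
2024-01-01T08:01:00 10.1.1.21 10.1.1.50 22 tcp
2024-01-01T08:02:00 10.1.1.21 10.1.1.50 22 tcp
# 10.1.1.30 opens RDP to an external address (external remote access pattern)
2024-01-01T08:03:00 10.1.1.30 203.0.113.7 3389 tcp
# Ordinary web traffic on 443 is not an admin protocol and is ignored here
2024-01-01T08:04:00 10.1.1.20 203.0.113.7 443 tcp
"""


def is_internal(addr):
    """True if the address falls inside one of the assumed internal ranges."""
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def parse_records(text):
    """Parse whitespace-separated records; blank and '#' lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return records


def detect(records, fanout=LATERAL_FANOUT):
    """Return findings for admin-protocol fan-out and internal-to-external admin sessions."""
    lateral_targets = defaultdict(set)   # src -> distinct internal dsts on admin ports
    external_access = defaultdict(set)   # src -> (external dst, protocol name)
    for r in records:
        if r["dport"] not in ADMIN_PORTS:
            continue
        src_in, dst_in = is_internal(r["src"]), is_internal(r["dst"])
        if src_in and dst_in:
            lateral_targets[r["src"]].add(r["dst"])
        elif src_in and not dst_in:
            external_access[r["src"]].add((r["dst"], ADMIN_PORTS[r["dport"]]))

    findings = []
    for src, targets in sorted(lateral_targets.items()):
        if len(targets) >= fanout:
            findings.append({"type": "lateral_movement", "host": src, "count": len(targets)})
    for src, dests in sorted(external_access.items()):
        findings.append({"type": "external_remote_access", "host": src, "count": len(dests)})
    return findings


def rate_per_10k(count, hosts):
    """Normalize a behavior count to 'per 10,000 hosts', as the report does."""
    return round(count * 10_000 / hosts, 1)


if __name__ == "__main__":
    for f in detect(parse_records(SAMPLE_LOG)):
        print(f"{f['type']:24} host={f['host']:12} count={f['count']}")
```

The fan-out rule deliberately ignores a single administrator repeatedly reaching one server, which is the everyday traffic the report's quote contrasts with; in production the threshold, the internal ranges and the list of administrative ports would come from the organization's own asset inventory rather than the constants above.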
"The utility and energy industry heavily focuses on security critical infrastructure," Chris Morales, head of security analytics at Vectra says. "Which means making sure the lights stay on. However, the reality is that up to now -- in the US at least -- there hasn't been a major attack on the power grid attributed to malware, not because it can't happen but because it hasn't. But there has been a huge amount of activity on the IT networks of these companies. What we wanted to highlight in this report is that this is happening every day and the companies need to spend more time paying attention to it."
Vectra monitored network traffic and collected metadata from more than four million devices and workloads across customer cloud, data center and enterprise environments over a six-month period. Among its findings: during the command-and-control phase of attacks, 194 malicious external remote access behaviors were detected per 10,000 host devices and workloads, along with 314 lateral movement attack behaviors.
In the exfiltration phase of the cyberattack lifecycle, 293 data smuggler behaviors were detected per 10,000 host devices and workloads.