What is behind the increase in threats to the utilities infrastructure? Our new whitepaper explores why, how, and by whom the UK’s critical national infrastructure is being targeted.
It is widely reported and accepted that critical national infrastructure (CNI) operators, particularly utilities, are a target for nation-state sponsored computer network exploitation. However, some recent events have caused seismic shifts in the threat landscape, altering how attacks are conducted, the tools used to execute them, the range of targets within a utility’s ecosystem, and the motivations of attackers. Understanding how these factors combine is the key to enabling infrastructure organizations to protect their critical assets effectively.
Why are attackers increasingly focused on utilities?
There are a number of motivations and factors that have led to an advancing threat to this sector. Attackers – whether individuals or nation-states – may be motivated by:
- Acquisition of confidential information that is of use or value;
- Direct financial reward underpinned by increased cryptocurrency liquidity and anonymization;
- Exercising leverage for large-scale business objectives;
- Creating psychological uncertainty to support military operations;
- Political objectives as part of a wider geopolitical strategy.
Targeting research and the supply chain
The complex systems that underpin utility and energy companies – both virtual and physical – leave many vulnerabilities exposed.
The most significant operational security weaknesses come from people and processes. For attackers attempting to acquire confidential information, direct email phishing remains the most widely used technique – and the most effective. Clever social engineering tactics and techniques, combined with the increased publication of tools for extracting data, form a potent combination.
On the physical side, the different elements of the supply chain – including operational systems, machines, and hardware – are often the attackers’ objectives. Where an organization has security protocols in place that are sufficient to resist targeted attacks, it is easier for a malicious actor to target the organization’s supply chain by compromising their equipment vendors, managed IT service providers, or software support platforms.
What enables and motivates attackers
There are regular reports of vulnerabilities within the operational technologies used in production networks that could theoretically be used by hostile actors. Advanced tools have been developed to exploit vulnerabilities in the corporate and operational networks of firms that own and operate infrastructure assets. Changes to money laundering techniques fuel ever-greater ransomware demands, and together with upcoming regulations are enabling and incentivizing cyber-extortion. Increased cryptocurrency liquidity and anonymization also underpin larger extortion demands and payouts.
What this means for utility companies
Complex and agile organizations need to ensure that the security deployed to protect their assets accounts for all the different threat elements and how they might be executed. Because of the nature and level of risk posed to utility and infrastructure operators, it is essential that security is proactive, not reactive. Consistently testing your people, your network, and your critical resources, both virtual and physical, is the only way to ensure that your security measures, systems, and processes are enough to keep you protected.
To find out more about how F-Secure Countercept’s threat hunting capabilities can protect utility companies from a range of security threats, please get in touch.