Cyberattacks on Energy Industry Cost Average of $13.2m Annually

Energy industry cyberattacks cost organizations an average of $13.2 million per year, according to new analysis by Frost & Sullivan.

At the same time, the threat is exacerbated by the high penetration of industrial Internet of Things (IIoT) devices in these industries. This opens up thousands, if not millions, of attack targets.

The increase in energy industry cyberattacks, changing compliance regulations by governments, and increased awareness have accelerated the adoption of cybersecurity approaches in the sector.

Unfortunately, existing cybersecurity services vendors are struggling to provide comprehensive visibility into IIoT devices. However, there is an opportunity for cybersecurity services vendors who get it right to expand in this market.

“The industrial cybersecurity services market is at the high growth stage of its lifecycle, with rising awareness among end users, increased industrial control systems-based attacks, and the rising need for cybersecurity skills,” judged Frost Industrials Research Analyst Rita Newa.

“Many end users have labor-intensive security practices and lack strong cybersecurity policies. Service providers can help automate cybersecurity services and provide a more holistic approach by offering joint solutions that provide a consolidated view of the IT and OT environment,” she added.

What vendors need to do to expand energy sector business

Newa advised vendors looking to expand their business in the industrial cybersecurity market to:

  • Provide integrated platforms that can deploy a range of services to enhance the security posture of end users while incorporating the best security practices;
  • Use automated management services and advanced analytics to develop a comprehensive service portfolio that can be adapted for all types of end users; and
  • Offer flexible pricing models, such as cybersecurity-as-a-service, and lifetime services to increase accessibility across industries at a lower cost.

“Despite the growing frequency of cyber-attacks, industries still have very low cyber resilience, struggling to ensure cybersecurity in the OT environment. With complexity and sophistication of the attacks, service providers will need to focus on advanced services that can address the threat landscape and automate cybersecurity,” Newa concluded.

DDoS Attacks Targeting Critical Infrastructure, Europol Warns

DDoS attacks are being used to target critical infrastructure, warned European law enforcement agency Europol in its 2018 Internet Organised Crime Threat Assessment report.

Last year, a DDoS attack crippled train networks in Sweden by targeting internet service providers. Another attack shut down communications on the Finnish Aland Island after a telecom provider was targeted.

Europol noted that DDoS attacks are becoming more accessible and involve low cost and low risk for attackers.

DDoS attackers are increasingly using botnets of infected IoT devices to carry out their attacks. The Mirai botnet in 2016 is just one example.

This week, the Department of Justice said the creators of the Mirai botnet cooperated with the FBI and were given five years’ probation.

Close to two-thirds of EU law enforcement reported cases of DDoS attacks last year. And one-third of those emphasized the growing number of cases.

More than one-third of organizations faced a DDoS attack last year, compared to 17 percent in 2016, according to ENISA. Other reports cited by Europol indicated that DDoS attacks accounted for around 70 percent of incidents that compromised network integrity.

DDoS-for-Hire Services on the Rise

One of the reasons for the increase in DDoS attacks is the use of booters or stressers. These are DDoS-for-hire services that provide access to botnets for a small fee. The use of these services is making it much easier for unskilled attackers to launch major DDoS attacks.

In April of this year, the operators of the DDoS marketplace webstresser.org were arrested as a result of Operation Power Off. This was an investigation led by Dutch Police and the British National Crime Agency with support from Europol and a dozen law enforcement agencies.

Webstresser.org was the largest DDoS marketplace, with more than 136,000 registered users and 4 million attacks. When it was shut down, there was a 60 percent decrease in DDoS attacks across Europe, the report noted.

Critical Infrastructure Protection Firm Indegy Raises $18M in Financing Round


Critical infrastructure protection firm Indegy closed Aug. 28 on an $18 million Series B round of financing led by Liberty Technology Venture Capital, a subsidiary of Liberty Media.

Energy firm Centrica, O.G. Tech Ventures, and existing investors Shlomo Kramer, Magma Venture Partners, Vertex Ventures, and Aspect Ventures also participated in the financing round.

Centrica supplies energy and services to 25 million customers mainly in the UK, Ireland, and North America through British Gas, Direct Energy and Bord Gáis Energy. Centrica made the investment through its Innovations arm.

“With a growing customer portfolio that spans 35 countries, we’re working to bring businesses world-leading energy management solutions that will allow customers to take greater control of their energy,” said Christophe Defert, vice president of ventures for Centrica Innovations.

“In an increasingly connected world, we’re looking forward to working with Indegy as we explore ways to deploy distributed energy resources with the optimal security solution.”

Indegy will use the money to accelerate growth and expand market initiatives for its critical infrastructure protection suite of products, which protect systems used in manufacturing, energy, water, pharmaceuticals, and other critical infrastructures from cyberattacks.

“Recent reports by the DHS and FBI regarding attacks against critical infrastructures have created a greater sense of urgency among industrial organizations to shore up their defenses, and produced a major spike in new business for Indegy,” said Indegy CEO Barak Perelman.

“This capital infusion provides the financial resources required to scale up the company and capitalize on this market opportunity,” he added.

Scotto, Warwick Join Indegy

Furthermore, Indegy appointed two new executives to its management team. Joe Scotto joins as chief marketing officer, and Todd Warwick takes over as vice president of sales for the Americas.

Scotto joins Indegy from BAE Systems, where he served as vice president for Americas marketing. Previously, he held positions with KPMG, Avaya and Time Warner, where he led product and solutions marketing for their multichannel global SMB business.

Warwick joins Indegy from Imperva, where he served as AVP of sales. He has held sales management positions at Check Point Software and Alcatel-Lucent, which was acquired by Nokia in 2016.

Smart Irrigation System Botnets Threaten Public Water Supply

Smart irrigation system vulnerabilities could pose risks to the public water supply, warned researchers from Israel-based Ben-Gurion University of the Negev.

The researchers found that attackers could employ a botnet of smart irrigation systems used by city and local governments to remotely turn watering systems on and off at will. This would enable attackers to empty public water supplies held in towers and reservoirs.

The researchers demonstrated how a bot running on a compromised device can detect a smart irrigation system connected to its local area network in less than 15 minutes. The bot can turn on watering of each smart irrigation system using a set of session hijacking and replay attacks.

“By simultaneously applying a distributed attack that exploits such vulnerabilities, a botnet of 1,355 smart irrigation systems can empty an urban water tower in an hour and a botnet of 23,866 smart irrigation systems can empty flood water reservoir overnight,” said Ben Nassi, one of the researchers who conducted the study.

The researchers examined three popular smart irrigation systems: GreenIQ, BlueSpray, and RainMachine. “We have notified the companies to alert them of the security gaps so they can upgrade their smart system’s irrigation system’s firmware,” said Nassi.

“Although the current generation of IoT devices is being used to regulate water and electricity obtained from critical infrastructures, such as the smart-grid and urban water services, they contain serious security vulnerabilities and will soon become primary targets for attackers,” he added.

Countermeasures to Stop Attacks

As a countermeasure, organizations running these smart irrigation systems should consider monitoring for unusual water consumption in urban water services. Once unusual activity is detected, the organization can stop the water distribution. Unfortunately, this also prevents people from getting water, so it is not a long-term solution.
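The consumption-monitoring countermeasure above can be sketched as follows. This is an added example, not code from the researchers or the vendors named in the article; the meter readings are constructed, and the per-hour baseline, the `k` multiplier and the `min_history` value are assumptions chosen for illustration.

```python
from statistics import median

def robust_threshold(history, k=6.0, floor=1.0):
    """Median + k * MAD of earlier readings taken at the same hour of day."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # The floor keeps a very steady meter from producing a zero-width band.
    return med + k * max(mad, floor)

def find_anomalies(readings, min_history=5, k=6.0):
    """readings: (day, hour, litres) tuples for one district meter, in time order.

    Each hour of day gets its own baseline, so a scheduled dawn watering
    window is not confused with the same volume drawn at 02:00.
    Flagged readings are kept out of the baseline, so a sustained attack
    does not become the new normal.
    """
    by_hour = {}
    alerts = []
    for day, hour, litres in readings:
        history = by_hour.setdefault(hour, [])
        if len(history) >= min_history:
            limit = robust_threshold(history, k)
            if litres > limit:
                alerts.append((day, hour, litres, limit))
                continue
        history.append(litres)
    return alerts

def sample_readings():
    """Constructed data: a week of normal draw, then irrigation forced on at 02:00."""
    normal = {
        2: [40, 42, 39, 41, 43, 40, 41],          # overnight background use
        5: [900, 950, 920, 880, 910, 940, 930],   # scheduled watering window
    }
    readings = [(d, h, normal[h][d]) for d in range(7) for h in (2, 5)]
    readings += [(7, 2, 2600), (7, 5, 935), (8, 2, 2550)]
    return readings

if __name__ == "__main__":
    for day, hour, litres, limit in find_anomalies(sample_readings()):
        print(f"day {day} {hour:02d}:00 drew {litres} L (limit {limit:.0f} L)")
```

An alert from a check like this is a trigger for investigation or staged shutoff; as the article notes, cutting distribution outright also cuts off legitimate users.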

The organization can upgrade from HTTP to HTTPS in their communications. This would prevent attackers from spoofing TCP packets.

Also, organizations can disable SSH because it is not needed to communicate with a smart irrigation system when a cloud serves as a mediator. This will prevent attackers from executing code on a smart irrigation system by detecting weak passwords, the researchers concluded.