Dive Brief:
- Russian hackers have been probing the internet systems of critical infrastructure providers, and the energy sector in particular has seen an increase in distributed denial of service (DDoS) attacks this summer, according to business analytics and security service Netscout.
- The activity, associated with Russia's military, was revealed in May notifications sent to hacking victims by the Federal Bureau of Investigation (FBI), and was first reported by Wired. The cyber campaign is thought to be ongoing. Then in July, the National Security Agency (NSA) issued a warning regarding threats to operational technology (OT) and industrial control systems (ICS).
- The threat to ICS and OT networks is growing and could impact critical operations, say experts. More than 70% of ICS vulnerabilities disclosed in the first half of 2020 can be exploited remotely, according to a new report by cybersecurity firm Claroty.
Dive Insight:
Two disturbing pieces of cybersecurity news highlight the ongoing threat faced by critical infrastructure providers, and in particular energy delivery companies.
"The energy sector will always be a valuable target because of the potential impact it has on such a basic service that all of us rely on," Claroty Vice President of Research Amir Preminger said in an email.
Tying together the FBI and the NSA alerts, "we can see that there is a rise in attempts to infiltrate or bring down ICS devices in energy," Preminger said.
Claroty's report on control system vulnerabilities and the ability to access them remotely comes from its assessment of 365 ICS vulnerabilities published by the National Vulnerability Database (NVD) and 139 ICS advisories issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the first half of the year.
The ability for hackers to remotely exploit ICS vulnerabilities has been exacerbated by the shift to a remote workforce and the increased reliance on remote access to ICS networks in response to the COVID-19 pandemic, according to Claroty's research.
It is widely known that there are many ICS devices publicly accessible, Preminger said. "The only thing a hacker needs to do is to scan through all of those devices and find one that is misconfigured (without security settings enabled if it exists) or has a vulnerability that enables the attacker to exploit it remotely," he said.
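The share of "remotely exploitable" vulnerabilities in an advisory set is something a defender can reproduce for their own asset list. The script below is an added example, not code from the article or from Claroty, and it assumes (as a labelled assumption) that "remotely exploitable" means a CVSS v3 attack vector of Network (AV:N); the advisory records and CVE-style ids are constructed placeholders, not identifiers from the report. It parses each vector, rejects malformed ones instead of silently counting them, and assigns a simple triage priority so the advisories that need patching or isolation first rise to the top.

```python
"""Triage ICS advisories by CVSS v3 attack vector (added example; constructed data)."""
import re
from dataclasses import dataclass, field

# Constructed advisory records. The ids are placeholders, not real CVEs, and the
# vectors are made up for illustration; the last one is deliberately a v2 vector
# so the "unscored" path is exercised.
SAMPLE_ADVISORIES = [
    ("CVE-PLACEHOLDER-0001", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("CVE-PLACEHOLDER-0002", "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"),
    ("CVE-PLACEHOLDER-0003", "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"),
    ("CVE-PLACEHOLDER-0004", "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"),
    ("CVE-PLACEHOLDER-0005", "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"),
    ("CVE-PLACEHOLDER-0006", "CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P"),
]

_VECTOR_RE = re.compile(r"^CVSS:3\.[01]/(.+)$")
_REQUIRED = ("AV", "AC", "PR", "UI", "S", "C", "I", "A")


def parse_cvss3(vector: str) -> dict:
    """Split a CVSS v3.0/3.1 vector string into a metric dict; ValueError if malformed."""
    m = _VECTOR_RE.match(vector.strip())
    if not m:
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = {}
    for part in m.group(1).split("/"):
        key, sep, val = part.partition(":")
        if not sep or not val:
            raise ValueError(f"bad metric {part!r} in {vector!r}")
        metrics[key] = val
    missing = [k for k in _REQUIRED if k not in metrics]
    if missing:
        raise ValueError(f"vector {vector!r} lacks base metrics {missing}")
    return metrics


def is_remotely_exploitable(vector: str) -> bool:
    """Assumption used throughout: 'remotely exploitable' == attack vector Network."""
    return parse_cvss3(vector)["AV"] == "N"


def triage_priority(metrics: dict) -> str:
    """Coarse ordering: reachable over the network with no credentials or user
    interaction is the case an internet-wide scanner can hit directly."""
    if metrics["AV"] == "N":
        return "urgent" if metrics["PR"] == "N" and metrics["UI"] == "N" else "high"
    if metrics["AV"] == "A":
        return "medium"  # adjacent network: needs a foothold on the same segment
    return "low"  # local or physical access required


@dataclass
class Summary:
    scored: int = 0
    unscored: int = 0
    remote: int = 0
    remote_pct: float = 0.0
    priorities: dict = field(default_factory=dict)


def summarize(advisories) -> Summary:
    """Count remotely exploitable advisories and assign each a triage priority.
    Malformed or non-v3 vectors are reported as 'unscored' rather than dropped."""
    s = Summary()
    for cve_id, vector in advisories:
        try:
            metrics = parse_cvss3(vector)
        except ValueError:
            s.unscored += 1
            s.priorities[cve_id] = "unscored"
            continue
        s.scored += 1
        if metrics["AV"] == "N":
            s.remote += 1
        s.priorities[cve_id] = triage_priority(metrics)
    s.remote_pct = round(100.0 * s.remote / s.scored, 1) if s.scored else 0.0
    return s


if __name__ == "__main__":
    result = summarize(SAMPLE_ADVISORIES)
    print(f"{result.remote}/{result.scored} scored advisories are network-reachable "
          f"({result.remote_pct}%), {result.unscored} unscored")
    for cve_id, prio in sorted(result.priorities.items(), key=lambda kv: kv[1]):
        print(f"  {prio:8s} {cve_id}")
```

Feeding it a real export from NVD or ICS-CERT means supplying the vector strings those sources publish; the percentage is only as good as the scoring, so the unscored count is worth tracking rather than hiding.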
Boston-based security firm Cybereason has created fake industrial control networks to gauge the activity of hackers. The firm says its "honeypot" operations show cyber criminals often attack the networks within hours or days of being set up.
And intruders are increasingly finding ways to move from IT networks into the OT space, according to Cybereason Chief Information Security Officer Israel Barak. In particular, they are seeking networks or machines that have shared access between information technology systems and the control systems which actually operate critical equipment.
"Some of these criminal actors have a playbook that targets industrial control systems," Barak said. "They have a playbook for moving from IT to OT networks."
While hackers' approach to pivoting from IT to OT networks may not be sophisticated, Barak said the very fact that they have a strategy for attempting this "means they've probably been doing it."
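The IT-to-OT pivot Barak describes is also the traffic pattern a defender can watch for at the boundary. The script below is an added example, not code from the article or from Cybereason: it assumes a hypothetical layout with one IT subnet, one OT subnet and a single sanctioned jump host, and runs two checks over constructed flow records: any IT-sourced connection into the OT zone (raised to high severity when it targets a well-known ICS protocol port), and any source host that has talked to both zones, which is the "shared access" machine an intruder would look for.

```python
"""Flag IT-to-OT crossings in flow records (added example; constructed data)."""
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical zone layout (assumption, not from the article).
IT_ZONE = [ipaddress.ip_network("10.1.0.0/16")]
OT_ZONE = [ipaddress.ip_network("192.168.100.0/24")]
ALLOWED_JUMP_HOSTS = {ipaddress.ip_address("10.1.250.5")}  # sanctioned IT->OT path

# Well-known ICS protocol ports: Siemens S7, Modbus/TCP, DNP3, EtherNet/IP.
ICS_PORTS = {102: "s7comm", 502: "modbus", 20000: "dnp3", 44818: "enip"}

# Constructed flow records in a simple key=value format (not a real firewall export).
SAMPLE_FLOWS = """
ts=2020-08-01T10:00:01Z src=10.1.5.20 dst=10.1.9.8 dport=445 proto=tcp
ts=2020-08-01T10:00:05Z src=10.1.5.20 dst=192.168.100.10 dport=502 proto=tcp
ts=2020-08-01T10:00:06Z src=10.1.5.20 dst=192.168.100.11 dport=3389 proto=tcp
ts=2020-08-01T10:01:00Z src=10.1.250.5 dst=192.168.100.20 dport=3389 proto=tcp
ts=2020-08-01T10:02:00Z src=192.168.100.10 dst=192.168.100.12 dport=502 proto=tcp
ts=2020-08-01T10:03:00Z src=10.1.7.3 dst=192.168.100.10 dport=20000 proto=udp
garbage line that must not crash the detector
"""

_FLOW_RE = re.compile(r"ts=(\S+) src=(\S+) dst=(\S+) dport=(\d+) proto=(\S+)")


@dataclass
class Flow:
    ts: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flows(text: str) -> list:
    """Parse key=value flow lines; malformed lines and bad addresses are skipped."""
    flows = []
    for line in text.splitlines():
        m = _FLOW_RE.search(line)
        if not m:
            continue
        ts, src, dst, dport, proto = m.groups()
        try:
            flows.append(Flow(ts, ipaddress.ip_address(src),
                              ipaddress.ip_address(dst), int(dport), proto))
        except ValueError:
            continue
    return flows


def zone_of(addr) -> str:
    if any(addr in net for net in IT_ZONE):
        return "it"
    if any(addr in net for net in OT_ZONE):
        return "ot"
    return "unknown"


def detect_it_to_ot(flows) -> list:
    """Alert on IT-sourced connections into OT that do not come from a jump host."""
    alerts = []
    for f in flows:
        if zone_of(f.src) != "it" or zone_of(f.dst) != "ot":
            continue
        if f.src in ALLOWED_JUMP_HOSTS:
            continue  # sanctioned path; still worth logging, but not an alert here
        ics = ICS_PORTS.get(f.dport)
        alerts.append({
            "ts": f.ts,
            "src": str(f.src),
            "dst": str(f.dst),
            "dport": f.dport,
            "severity": "high" if ics else "medium",
            "reason": f"IT host reached OT over {ics}" if ics
                      else "IT host reached OT on a non-ICS port",
        })
    return alerts


def dual_zone_sources(flows) -> set:
    """Hosts that have talked to both zones: candidate shared-access machines."""
    zones_by_src = {}
    for f in flows:
        zones_by_src.setdefault(f.src, set()).add(zone_of(f.dst))
    return {str(src) for src, zones in zones_by_src.items() if {"it", "ot"} <= zones}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for a in detect_it_to_ot(flows):
        print(f"[{a['severity']}] {a['ts']} {a['src']} -> {a['dst']}:{a['dport']} {a['reason']}")
    print("sources seen in both zones:", sorted(dual_zone_sources(flows)))
```

The allow-list for the jump host is the part that keeps this from paging on every legitimate maintenance session; in practice it should be short, reviewed, and paired with authentication logs from the jump host itself.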
But there is some good news. Operational networks are complicated and sensitive, said Barak, potentially limiting the impact a hacker can have. "It takes a certain degree of expertise to operate them. ... If a criminal actor gains access to an electric generation facility, there's no reason to think they have any training on how to operate that facility."
Still, the opportunity for cyber intrusions is weighted toward the attacker, according to Claroty's research.
"The big task for an adversary is to find one hole in the defense, while the work of a defender is to find and protect every possible hole in the entire perimeter," said Preminger.
"It only takes one mistake to give the adversary the access required to get into the OT network," Preminger said. "Once the attacker is in, we can see that he will probably meet old unpatched equipment or invest and find new vulnerabilities to use."