Cyberattacks against energy and utilities firms begin inside enterprise IT networks
Hackers obtain administrative credentials for reconnaissance first
New research from Vectra has revealed that while industrial control systems are being targeted by hackers, most cyberattacks against energy and utilities firms occur inside enterprise IT networks.
The research was published in the firm's 2018 Spotlight on Energy and Utilities highlighting the importance of detecting hidden threat behaviours inside enterprise IT networks before attackers have a chance to spy, spread and steal. These threat behaviours also show that carefully orchestrated attack campaigns generally occur over many months.
Cybercriminals have been launching carefully orchestrated attack campaigns against energy and utilities networks for years. These quiet reconnaissance missions often last several months and involve observing operator behaviours and building a unique plan of attack.
Gaining access to the network
American Municipal Power's CIO, Branndon Kelley offered further insight on how attackers target industrial control systems, saying:
“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration. It’s imperative to monitor all network traffic to detect these and other attacker behaviors early and consistently.”
Remote attackers are able to gain a foothold in energy and utilities networks by staging malware and spear-phishing campaigns to steal administrative credentials. Once inside, they utilise administrative connections and protocols to carry out reconnaissance and spread laterally searching for confidential data about industrial control systems.
Managing Research Director of Enterprise Management Associates, David Monaham explained how misuse of administrative credentials is a serious threat that businesses need to be more aware of, saying:
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“The covert abuse of administrative credentials provides attackers with unconstrained access to critical infrastructure systems and data. This is one of the most crucial risk areas in the cyberattack lifecycle.”
- We've also highlighted the best antivirus
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.