Collaborate Disseminate
Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT. Continue reading NotPetya Linked to Industroyer Attack on Ukraine Energy Grid
Critical national infrastructures such as the energy sector, public transportation, commercial facilities, government and defense, and medical services, among others, have been under attack in recent years, following a large volume of security vul… Continue reading Critical National Infrastructures on the Radar; British MPs Say Attack Is Imminent
Academic researchers claim that hackers could exploit high wattage IoT appliances such as air conditioners, heaters, and cookers, to perform attacks on the power grid.
Read more in my article on the Bitdefender BOX blog.
Continue reading MadIoT: How an IoT botnet could launch a major attack on the power grid
In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid. Continue reading BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?
Researchers call the scenario BlackIoT: an IoT botnet of high-wattage devices that could crash the power grid. Continue reading Your smart air conditioner could contribute to mass power outages
While stories of nation-state backed hackers threatening the U.S. power sector garner regular headlines, a new experiment highlights the risk of unintended consequences when less-skilled adversaries target the sector. Researchers from Cybereason, a Boston-based company, set up a honeypot in mid-July that mimicked a utility substation’s network environment, drawing the attention of a determined attacker that repeatedly disabled the honeypot’s security system. The hacker’s attempts to be conspicuous, coupled with some sloppy work, told researchers that they were not part of any advanced persistent threat (APT) group that is linked with a nation-state. “It’s not script kiddies, but I’m not convinced that it’s APT either,” said Ross Rustici, senior director of intelligence at Cybereason. “[That] is a red flag for me because they’re very focused, but they’re making mistakes.” While the spotlight has been on nation-state threats to the energy grid, Rustici told CyberScoop, “one of the more concerning and […]
The post Hacker honeypot shows even amateurs are going after ICS systems appeared first on Cyberscoop.
Continue reading Hacker honeypot shows even amateurs are going after ICS systems
The U.S. electric industry has responded to a steady stream of cyberthreats with more rigorous red-teaming and by using artificial intelligence, utility executives said. “We’re penetrating our own system to ensure that we are moving the envelope,” said Brian Harrell, Duke Energy Corp.’s managing director of enterprise protective services. “We’re trying to find the vulnerabilities before anyone else does.” “Just yesterday I [was] having a six-hour conversation with the FBI about somebody trying to penetrate our system,” Harrell said Friday at an event at George Washington University’s (GWU) Center for Cyber and Homeland Security. “These are the kinds of things that are happening on a day in and day out basis.” Harrell told CyberScoop that Duke Energy, which has 7.6 million customers across six states, is still responding to the security incident, declining to go into detail. The episode could turn out to be insignificant, he said, but is nonetheless […]
The post Electric utilities use red-teaming, AI to prepare for advanced threats appeared first on Cyberscoop.
Continue reading Electric utilities use red-teaming, AI to prepare for advanced threats
This is a repost of a blog that Joe Marshall (@ImmortanJo3) and I wrote on February 22, 2016 and @da_667 posted to his blog (which is now defunct, but he has given me permission to post here). It’s not that easy.. Ladies and gentlemen, … Continue reading Repost: Hacking the power grid through air conditioners
U.S. regulators are cracking down on the cybersecurity risks to the electric grid posed by everyday electronics like laptops and flash drives. A ruling issued last week by the Federal Energy Regulatory Commission requires utilities to implement security controls on portable devices that interact with “low-impact” systems, or ones that utilities deem less critical. FERC also ordered the revision of power reliability standards “to mitigate the risk of malicious code” stemming from the devices. The move comes as the Department of Homeland Security has warned that Russian government hackers have their sights on U.S. energy firms, and as Congress readies legislation to secure the grid. Observers say FERC’s tightening of security controls further down the grid could shake up how large portions of the sector approach cybersecurity. Daniel Skees, a lawyer who represents utilities before FERC, said the new ruling amounts to a “sea change” for utilities because it will […]
The post Regulators tightening controls on devices connecting to utility company networks appeared first on Cyberscoop.
Continue reading Regulators tightening controls on devices connecting to utility company networks
In 2015, Russian hackers shut down Ukraine’s electrical grid after infecting the infrastructure with malware. It was only a matter of time until they would target the US power system. As of 2016, US critical operational infrastructures have … Continue reading Researchers Use Machine Learning, Cybersecurity Practices to Secure US Power Grid