IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image

Spearphishing identified as leading threat to utilities

Today

ReliaQuest has issued a report analysing cybersecurity threats impacting the utilities sector, highlighting spearphishing as a predominant threat.

The report underlines that 81% of cyber threats to the utilities sector involve spearphishing, a figure that starkly contrasts with the 23% observed across all sectors during the same period. This disproportionate vulnerability is attributed to the dual access utilities employees have to both IT and operational technology (OT) environments.

Legacy infrastructure in OT systems, combined with a critical need to avoid downtime, often results in weaker cybersecurity defences which are exploited by attackers through spearphishing tactics.

Over the past year, the utilities sector also experienced a 42% rise in ransomware incidents. The report suggests that ransomware groups, such as 'Play', are focusing their attacks on utilities due to the constant operational requirements of these organisations.

Moreover, threat actors have been increasingly discussing and even publishing access to OT systems on dark-web forums. The presence of Initial Access Brokers (IABs) selling compromised virtual private networks (VPNs) and Remote Desktop Protocol (RDP) tools has been particularly notable.

The US Environmental Protection Agency has identified at least 97 major water systems in the US with unpatched critical vulnerabilities, which could affect nearly 10% of the larger water systems serving over 50,000 people if exploited by cybercriminals.

The report also addresses threats from the Volt Typhoon Group, a China-linked advanced persistent threat. This group has been identified as embedding itself within IT networks to move laterally to OT assets with potential intent to disrupt critical national infrastructure (CNI).

ReliaQuest highlights that from November 2023 to October 2024, the utilities sector continues to be plagued by spearphishing, both via links and internal communications. The sector's legacy OT infrastructure makes it a lucrative target.

ReliaQuest emphasises the effectiveness of AI and automation in threat containment. The utilisation of GreyMatter Automated Response Playbooks allows organisations to achieve a mean time to contain threats in just two minutes, significantly reducing operational disruptions compared to the industry average of 21 hours for manual responses.

Furthermore, the report identifies impersonating domains as an emerging threat, with these practices constituting 57.42% of true-positive GreyMatter Digital Risk Protection (GreyMatter DRP) alerts. The creation of convincing fake domains has been facilitated by AI advancements, leading to reputational and operational risks for utilities.

The surge in ransomware activity has seen 75 utilities appearing on ransomware data-leak sites over the past year. The high-stakes nature of this sector makes it an attractive target for financial and strategic exploitation.

The threat posed by Volt Typhoon is underscored as significant, given its ability to integrate deeply within network environments, presenting challenges to detection and removal without causing downtime. The group's refined techniques highlight the necessity for strong detection and incident response measures.

As global geopolitical tensions, particularly involving China and Iran, are anticipated to rise, the potential for increased cyber offensives targeting utilities is expected to grow. The incoming US administration could influence the activities of state-sponsored groups like Volt Typhoon, aiming to disrupt essential services.

The report also speaks to the anticipated shift towards renewable energy sources, noting that this transition will increase exposure to cyber threats due to the integration of distributed energy resources.

In conclusion, the increase in spearphishing and ransomware attacks clearly demonstrates the utilities sector's attractiveness to malicious actors. As the sector incorporates new technologies, the necessity for robust cybersecurity measures becomes ever more crucial to maintain service continuity and security.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X