Elexon, an organisation that is central to the balancing and settlement of the UK electricity market, has been hit by a cyber-attack. Following security experts provide their insight below:
Elexon, a Critical UK Electricity Network Administrator, Hit by Cyber Attack https://t.co/nCKvDxq1wH pic.twitter.com/3j4qmH8quM
— Angelo G Longo (@aglongo) May 18, 2020
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The suspected ransomware attack on Elexon could have been much worse. As the company is in charge of distributing power supply in the power grid for the UK, employees not being able to access systems and act quickly could have had significant consequences. Thankfully, impact seems to have been limited.
This latest breach is a reminder of how important it is that those who are part of the critical services ecosystem follow best practice and get the basics right. A layered approach to security is needed, including people, processes and technology; from regular patching processes through to technology that maximises network visibility and allows malicious behaviour to be identified quickly.
This is further evidence that ransomware attacks can happen to any organisation, no matter their size or sector. This is why it is imperative to ensure that all businesses are prepared for the possibility of a ransomware attack and implement proper resilience measures. This will allow them to be in the best position to recover if the worst-case scenario does happen. Having contingency plans in place is critical at a time when ransomware attacks against large companies are becoming a regular theme. This is particularly important when serving something as important as the National Grid, which makes you an attractive target to criminals.
Organisations should have non-networked backups and a fallback email and archiving process in place, which will help to significantly lower the potential losses of a ransomware attack. Cyber security should also be seen as an organisational responsibility and not an individual responsibility. Everybody plays a part in maintaining effective security posture, protecting ourselves and our workplace against nefarious organisations looking to cause disruption. But individuals are only one of the pieces of the security puzzle. Organisations must take responsibility for training all staff and educating them on the threats that persist, and how they can defend against them. Remediation of any ransomware infection is likely to be significantly more difficult to remediate in any jurisdiction experiencing a period of lockdown or distancing measures. It may well slow any organisational response and require significant replacement of assets rather than allowing an effective segregation of impacted machines.
Ransomware activity is likely to be more of a threat during this global pandemic as cybercriminals understand cyber-hygiene is likely to be nose diving at present. Indeed, our latest research into cyber threats in the age of Covid-19 shows that global ransomware is on the rise, with 60% of the most recent campaigns against one vertical found to be incorporating some form of ransomware.
We’re operating in a heightened environment where nation states – as well as cybercriminals acting for financial gain – can exploit the associated human stressors with our current situation to get to money or valuable intellectual property by exploiting the work-from-home model or hiding in the noise generated by all these on-going changes in the infrastructure.
It’s inevitable that organizations dealing with highly valuable IP will be targets for cyberattackers.
In recent times we’ve seen a specific increase in attackers targeting employees, using tactics such as phishing to compromise accounts. In fact, our X-Labs team saw a rise in unwanted emails (malicious, spam or phishing) containing embedded URLs using the keywords of COVID or Coronavirus from negligible values in January 2020 to over half a million blocked per day the end-of-March onwards. As hackers now target people, not silicon, organisations need cyber security solutions that address that.
It’s therefore imperative for organisations to understand the context behind user interactions with data and systems – for instance, security teams can respond faster if they knew someone was acting outside of their normal work routine or if systems are experiencing unusual web traffic, or uncommon application use, indicating unusual behaviour. Having the ability to observe behaviours and adapt protection to changing levels of risk real-time is critical to preventing and mitigating cyberattacks.