A recent deep dive by The Wall Street Journal reconstructs the worst hack into the US power systems, revealing attacks on hundreds of small contractors. Rather than strike the utilities head on, the hackers went after hundreds of contractors and sub-contractors and worked their way up the supply chain. Industry experts have said that Russian government hackers likely remain inside some systems undetected.
Andrea Carcano, Co-Founder and Chief Product Officer at Nozomi Networks:
“Recent reporting that deconstructs long-term hacking campaigns by sophisticated hacking groups like Dragonfly and Energetic Bear demonstrates some of the successful tactics used against utility companies in an attempt to hack the U.S. electric grid. Utility companies can learn a lot from what happened during these campaigns in order to protect themselves from future attempts by bad actors – and from the groups that may have already gained access into their systems and are waiting undetected.
One key tactic used was to infiltrate third-party supply chain vendors, which is a well-known APT tactic. Utilities must have their own protections to monitor their SCADA/ICS operations not only for known attack signatures, but also for anomalous behaviours that would indicate that third parties might have been compromised by attackers that are using them to gain access into the utility’s control systems.
We can learn a lot from these campaigns and utility companies should feel empowered knowing that technology exists that can protect from tactics such as these. The more we understand about attackers’ playbooks, the easier we can keep pace and hopefully put ourselves in a position to be one step ahead.”