Hackers Gain Entry To US And EU Energy Sector

By   Andrew Clarke
Director, Strategic Alliances & Channel Partnerships, EMEA , One Identity | Sep 11, 2017 09:00 am PST

It has been reported that advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries well, Symantec said in a report published on Wednesday. The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly. Andrew Clarke, EMEA Director at One Identity commented below.

Andrew Clarke, EMEA Director at One Identity: 

andrew clarke“The Critical National Infrastructure (CNI) is the backbone of a nation’s economy, security, and health – with the electricity supply being fundamental to our everyday lives.  E-crime, or cyber-crime, whether relating to theft, hacking or denial of service to vital systems, has become a fact of life. The risk of state or industrial cyber espionage, in which one country/company makes active attacks on another, through cyberspace, to acquire high value information is real.  We have witnessed an ongoing real-life “Game of Threats” where the threat actors have constantly tried and tested different forms of attack – the prime motivation being to cause disruption and even long-term impact.  Studies  in the USA report that cyber-attacks are a constant and daily occurrence on utility companies with some facilities receiving upwards of 10,000 attempted cyber-attacks each month – which equates to one attack every four minutes

It is imperative that we continue to innovate to protect access and safeguard CNI.   Segmenting  networks with firewalls is one measure.   And managing access by individual identity is key to really controlling who gets access and how they access systems.  Patching systems so vulnerabilities are mitigated is also key.  What we must all realise is that this type of attack is designed to undermine our way of life.   Without electricity, a nation will quickly grind to a halt – and systems and processes that need electricity to function will be severely impacted.    We have seen the impact of natural disasters across the world but without  a electricity supply a country would struggle to function.”