More Russia, More Hacks – Now Inside the US Electric Utility Control Rooms
The US government has claimed that Russian state-sponsored hackers were able to gain access to the control rooms of US electric utilities that could have enabled them to cause blackouts. "Hackers working for Russia claimed 'hundreds of victims' last year in a giant and long-running campaign that put them inside the control rooms of US electric utilities where they could have caused blackouts, federal officials said," the Wall Street Journal reported last night.
"They got to the point where they could have thrown switches" to disrupt the power, Jonathan Homer, chief of industrial-control-system analysis for the US Department of Homeland Security (DHS), told the Journal.
How Russia allegedly targeted trusted vendors
As is common in these attacks, criminals didn't have to use any sophisticated techniques as they were able to use fairly common tactics like phishing to compromise organizations supplying utilities. [Google offers the best example of how to avoid employees getting phished] After stealing credentials from these vendors through commonly used techniques, they were able to infiltrate networks, and get access to the utilities.
The DHS links the cyberattacks to a threat actor known as Dragonfly or Energetic Bear, which has been previously linked to the Russian government. This isn't a deja vu since the Trump administration had initially reported this activity in September last year. However, at the time it was said that only a dozen US and European energy companies are affected. Now the DHS is putting the number of affected vendors at hundreds.
Cyberattacks on electric grids and critical infrastructure continue to rise in numbers as several incidents have been reported so far. The most notable is the 2015 attack on Ukraine's power grid that resulted in nearly a quarter of a million people losing power. Since then several governments have started to focus on strengthening their security measures, however, many remain vulnerable.
While DHS hasn't identified any victims, the Journal reports that some companies may not even know they had been compromised as the attacks used legitimate credentials to gain access to their networks. The agency first issued its warning against Russian hackers trying to infiltrate US electric grids in 2014 [PDF]. It appears the country is yet to fix security vulnerabilities and train vendors to protect their networks against infiltration.