Power Utilities are Vulnerable to Cyber Attacks Like Spear Phishing

It’s no secret that power utilities are targets for cyber attacks. Understanding attack methods and how to prevent them are critical steps for any organization.

Cybersecurity firm Symantec released a report on Dragonfly 2.0 in September 2017. Dragonfly is a group of cyber attackers that has been in operation since 2011; the Dragonfly 2.0 campaign started in late 2015 and attacks power systems, resulting in disruptions to Ukraine’s power system in 2015 and 2016. In several other cases, including in the U.S., hackers gained access to the target companies’ networks.

While there are many methods that cyber threat actors use to gain information that helps them break into networks, spear phishing, or phishing, is one that targets all of an organization’s employees. Any individual could supply information that could compromise a network’s security.

What is Spear Phishing?

You’ve probably received an email that doesn’t look quite right. Maybe it looked like it was coming from an organization you know, but the logo and email domain were off. Or maybe it contained instructions for action you needed to take – but you didn’t recognize the sender.

Spear phishing is a cyber attack method used to compromise systems and networks and gather information using social engineering techniques. A phishing email is designed to prompt a response from the recipient, such as clicking on a link or opening an attachment. Through the response, the recipient may download malware or be redirected to a website prompting them to provide sensitive information, such as login credentials, that will be sent to the cyber threat actors.

Spear Phishing Defense

It’s important to train employees to recognize suspicious emails and handle them appropriately:

  • Hover over links to make sure the true destination matches what appears in the email and that it appears to match the organization’s URL structure

  • Never reveal personal or financial information in response to an email; better yet, don’t respond to any email that looks suspicious

The IT department should also use filtering, blocking, and validation techniques to prevent emails with known phishing indicators from reaching employees in the first place.

Even so, it’s possible that cyber threat actors could start to collect information that will enable them to disrupt a system in the future. They continue to build their knowledge with every piece of data that they gain from an attack.

Network Monitoring

Network monitoring is a process used to identify and report slow or failing components that may cause outages or other problems. CIS’ Albert is one network monitoring solution that provides automated alerts on both traditional and advanced network threats, allowing organizations to respond quickly when their data may be at risk.

How it works:

  • A sensor (or sensors) is placed on the organization’s network

  • Data anomalies are reviewed for malicious activity or data exfiltration

  • CIS’ 24/7 Security Operations Center will notify the organization of any and all threats detected on the network.

Albert network monitoring is available for U.S. state, local, tribal, and territorial entities including publicly owned power utilities.

Learn more about network monitoring from CIS
