Cybersecurity firm Vectra has revealed that, while industrial control systems are in the crosshairs, most cyberattacks against energy and utilities firms occur and succeed inside enterprise information-technology (IT) networks, not in the critical infrastructure.
Published in Vectra's 2018 Spotlight Report on Energy and Utilities, these and other key findings underscore the importance of detecting hidden threat behaviors inside enterprise IT networks before cyberattackers have a chance to spy, spread, and steal. These threat behaviors reveal that carefully orchestrated attack campaigns occur over many months.
Cybercriminals have been launching carefully orchestrated attack campaigns against energy and utilities networks for years. Often lasting several months, these slow, quiet reconnaissance missions involve observing operator behaviors and building a unique plan of attack.
“When attackers move laterally inside a network, it exposes a larger attack surface that increases the risk of data acquisition and exfiltration,” said Branndon Kelley, chief information officer of American Municipal Power, a nonprofit electric-power generator utility that serves municipalities in nine states that own their own electric system. “It’s imperative to monitor all network traffic to detect these and other attacker behaviors early and consistently.”