The threat of cyberattacks on utility systems grows every week
The amount of time that utility computer networks have been exposed to a known exploit has skyrocketed in the past two months.
Security experts from WhiteHat Security called these changes “an important source of data” and a reminder that ransomware is far from the only threat to protect against.
The researchers analyzed the amount of time the industry remained vulnerable to known exploits for application vulnerabilities. The indicator is called the window of exposure (“window of vulnerability”, WoE). As specialists found out, WoE for the utility sector two months ago was 55% and already last month it grew to 67%.
According to expert Setu Kulkarni, such changes are associated with the transition of outdated systems to applications for the Internet. Utilities were required to provide business accessibility on the Internet in a short time frame. They have legacy systems that were designed to work with the company’s trusted customer service specialists, not self-service.
Utilities’ vulnerabilities are exacerbated by the growing practice of combining operating technology (OT) and Internet of Things (IoT) systems with internal operations, Kulkarni said.
“OT / IoT systems are connected to server systems, most of which are outdated. OT / IoT systems themselves are not adequately secured, and at the same time, legacy transactional systems were not designed to meet the scale and security needs of this hyperspace of OT / IoT devices, ”Kulkarni explained.
Cybercriminal groups brazen enough to launch an attack on a utility company are usually associated with a specific state. This, in turn, indicates that the hackers are highly skilled and well funded, making them dangerous adversaries.
It is difficult to defend against such attacks since attackers have the time and resources required to repeatedly check security measures and search for vulnerabilities, while other criminals prefer weak targets in search of profit.
Catch up on more articles here
Follow us on Twitter here