Russia is about to hijack your power source. Could you lose power?


Refinery, pipeline and power grid operations are likely targets, experts said.

All types of critical infrastructure are at risk of attack, including transportation networks, gas and oil platforms, communication channels (radio/TV/internet infrastructure), emergency services (e.g., 911, law enforcement, first responders) and healthcare facilities, Darren Guccione, CEO of Keeper Security, a Chicago-based provider of zero-trust, zero-knowledge cybersecurity software, told TheStreet.

“However, we know that all kinds of businesses of all sizes are at risk,” he said. “No one should be complacent or assume they won’t be targeted because they run a small business. Malicious actors don’t discriminate.”

Nation-state actors and unaffiliated “hacktivists” seek to make public statements in support of political-social causes they sympathize with, Guccione said.

These attackers were already seeking to demonstrate their allegiances before Russia attacked Ukraine. Politico-social motives are the “only reason cybercriminals choose to attack critical infrastructure,” he said. “Cybercriminals who want money attack organizations that have it, like Nvidia. They don’t try to compromise power grids. When critical infrastructure is attacked, politico-social motives are at play.”

Utilities, transportation networks and hospitals have battled these issues for years and now the war has escalated things.

“These attacks are in addition to those perpetrated by cybercriminals who are simply looking for ways to make easy money,” Guccione said.

The most basic security controls are often the ones that fail. A single compromised password can be enough for an organization to be breached.

Cybercriminals from Russia or other countries could retaliate and attack US energy infrastructure, Guccione said.

“Once a cybercriminal has obtained a valid password, for example for the VPN, he holds the keys to the kingdom,” he said. “They can often bypass firewalls and intrusion detection systems.”

When companies do not segment their networks or apply the principle of least privilege (zero trust), a single intrusion into the network becomes a full breach.


“They can go just about anywhere and steal whatever they want,” Guccione said. “We see a concrete example of what is happening right now with the Nvidia breach.”

Keep an eye on suppliers

Companies need to monitor access and reduce external access as much as possible, Josh Rickard, security solutions architect at Swimlane, a low-code security automation provider based in Boulder, Colorado, told TheStreet.

“Even systems that control or manage systems within an industrial control systems (ICS) network should not be exposed to the internet,” he said.

In the past, cyberattacks often started with attempts to phish users who had access to computer systems, Rickard said.

“These computer systems have some connection to the OT systems, which causes a trust/boundary issue,” he said. “This means you need to have a low-code security automation platform to respond effectively and quickly to reported phishing emails. This is only possible with large-scale automation.”

The UKG/Kronos ransomware attack that affected the timekeeping and payroll functions of many businesses in late 2021 shows that even systems typically considered lower priority for a business can still cause significant disruption, Jacob Ansari, defender security and cyber trends analyst for Schellman, a Tampa, Florida-based security and privacy assessor, told TheStreet.

[Image: Colonial Pipeline]

Companies should patch their software, isolate critical systems from network access as much as possible, apply strong network monitoring and control in front of ICS/SCADA systems where endpoint protection is not possible, and install endpoint protection wherever it is feasible, John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based IT operations and digital security company, told TheStreet.
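As an added illustration that is not drawn from the article or from any of the companies quoted in it, the following Python script audits a firewall rule set for the conditions Rickard, Guccione and Bambenek describe: ICS systems reachable from the internet, corporate IT hosts allowed to initiate connections directly into the control network instead of through an OT DMZ, and any-port rules that ignore least privilege. The zone names, subnets and rules are constructed placeholders, not any real utility's configuration.

```python
"""Audit firewall rules for paths that expose ICS/OT assets.

Added example; the zone map, rule format and sample rules below are
constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_network
from typing import List, Optional, Set, Tuple

# Constructed zone map. ICS control is the protected enclave; the OT DMZ
# holds the jump hosts that are the only systems allowed to initiate into it.
ZONES = {
    "corporate_it": ip_network("10.10.0.0/16"),
    "ot_dmz": ip_network("10.20.0.0/24"),
    "ics_control": ip_network("10.30.0.0/24"),
}
PROTECTED = {"ics_control"}
ALLOWED_PIVOT = {"ot_dmz"}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]   # None means any destination port


def source_zones(src: IPv4Network) -> Set[str]:
    """Zones a source prefix touches; 'external' marks address space
    that lies outside every defined zone (internet or unassigned)."""
    zones = {name for name, z in ZONES.items() if src.overlaps(z)}
    if not any(src.subnet_of(z) for z in ZONES.values()):
        zones.add("external")
    return zones


def audit(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Return (rule name, severity, reason) for each allow rule that
    reaches a protected zone in a way segmentation should forbid."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if not any(r.dst.overlaps(ZONES[p]) for p in PROTECTED):
            continue  # destination is not inside the ICS enclave
        srcs = source_zones(r.src)
        stray = srcs - ALLOWED_PIVOT - PROTECTED - {"external"}
        if "external" in srcs:
            findings.append((r.name, "HIGH", "internet-reachable path into ICS"))
        elif stray:
            findings.append((r.name, "MEDIUM",
                             f"{sorted(stray)} may initiate directly into ICS, bypassing the OT DMZ"))
        elif r.dport is None:
            findings.append((r.name, "LOW", "any-port allow into ICS; least privilege not applied"))
    return findings


# Constructed sample rule set exercising each finding class.
SAMPLE_RULES = [
    Rule("vpn-to-ics", "allow", ip_network("0.0.0.0/0"), ip_network("10.30.0.0/24"), 22),
    Rule("it-to-plc", "allow", ip_network("10.10.0.0/16"), ip_network("10.30.0.10/32"), 502),
    Rule("jump-to-ics-any", "allow", ip_network("10.20.0.5/32"), ip_network("10.30.0.0/24"), None),
    Rule("jump-to-hmi", "allow", ip_network("10.20.0.5/32"), ip_network("10.30.0.20/32"), 3389),
    Rule("block-all", "deny", ip_network("0.0.0.0/0"), ip_network("10.30.0.0/24"), None),
]

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_RULES):
        print(f"{severity:6} {name}: {reason}")
```

The audit treats any source prefix that is not fully contained in a defined zone as external, so an over-broad rule such as one sourced from 10.0.0.0/8 is flagged at the same severity as one sourced from the whole internet.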

Businesses not only need to make sure their own house is in order, but they also need to check that their suppliers, contractors and business partners are exercising adequate security, Guccione said.

“Even if your cybersecurity is comprehensive, if one of your vendors’ security is lax and compromised, it can be used as a backdoor into your systems,” he said. “Cybercriminals often look for the weakest link as their primary attack vector.”

There are dozens of ways for a hacker or group of hackers to target U.S. energy infrastructure, including networks, phone systems, and websites, to disrupt high-level business operations or have an impact on consumers, Brian Contos, chief security officer of Phosphorus Cybersecurity in Nashville, Tennessee, which specializes in IoT/OT and other physical systems, told TheStreet.

Suppliers and other companies in the supply chain could be attacked to disrupt key materials and services in the power grid or oil/gas market without destroying a utility or pipeline.

