Story image

Germany infiltrated by Russian group that crippled Ukraine’s power

09 May 2018

In modern global countries, electricity goes without saying – it’s just there.

But news has emerged that reveals it’s not quite as secure as you might think. One of the largest daily newspapers in Germany (Süddeutsche Zeitung, also known as SZ) published an article last week that claimed Russian threat actors had "infiltrated the networks of at least two energy providers in Germany."

The article was confirmed by three independent sources and also attests that the Russian group in question is the same one that attacked the Ukrainian power grid in 2015 and 2016, known as Sandworm.

In the Ukraine case, hackers managed to breach the computer systems of a number of power operators to effectively cut the supply to the city, making it one of the most effective hacking cases the world has ever seen – so well choreographed in fact that experts asserted only a government could be behind it.

The same hackers apparently succeeded in penetrating the networks of at least two German energy providers in the summer of 2017, albeit in the early stages.

CyberX industrial cybersecurity VP Phil Neray says this news shows that Russian threat actors have expanded their critical infrastructure targets beyond the Ukraine – and beyond the U.S. – to include western Europe.

“It's not surprising given Russia's stated strategy of leveraging cyber to exert its geopolitical muscle on the global stage. The recent FBI/DHS alert confirmed that Russian cyberattackers have successfully compromised U.S. critical infrastructure since at least 2016,” says Neray.

“Industrial control networks are notoriously insecure. According to CyberX's ‘Global ICS & IIoT Risk Report,’ which analysed traffic data from 375 production industrial control networks worldwide, 60% of industrial sites are still using plain-text passwords and 3 of 4 are still running outdated versions of Windows like Windows XP and Windows 2000.”

In terms of how we can prevent these attacks from happening to critical infrastructure, Neray is adamant.

“Industry best practices suggest that continuous monitoring with behavioral analytics is a key way to identify and stop these attacks during the early cyber reconnaissance stage – before attackers can launch more destructive or disruptive attacks like the ones we've seen in both the Ukraine and Saudi Arabia,” Neray concludes.

The possibilities and potential implications of a hacked power grid are infinite as aforementioned, we have come to rely on it as always being there. Due to the increasing networking of modern power systems, cybercriminals could not only disrupt the supply but also selectively damage it.

Without electricity there would be no trains, no ATMS, no water, no heating or flushing… the list goes on.

Five things MSPs need to keep in mind in 2019
A Datto APAC channel exec outlines the most important factors for MSP to being paying attention to in the coming year.
Survey: IT pros nostalgic over on-prem data centre visibility
There are significant security and monitoring challenges faced by IT staff responsible for managing public and private cloud deployments.
61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nozomi and RIoT to deliver advanced ICS security solutions to Australia
''As a specialised integrator of robust and resilient ICT and IoT solutions within Australia, we are delighted to be partnering with Nozomi Networks."
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.