The sky turns black and thunder is heard in the distance. You see the first crack of lightning, a flicker, and then the power goes out. But what if the power outage wasn’t due to the storm… As the Prykarpattyaoblenergo Utility in the Ukraine found out, it could be due to a cyberattack.
On December 23rd, hackers gained access to the utility’s system and cut power to over 225,000 customers for six hours. In order to get the power back on, the utility switched to manual operations to disconnect the workstations and servers from the grid.
Experts believe this was the first power outage caused by a cyberattack. And as the Obama administration focuses on the growing threat, it is warning power companies, water suppliers and transportation networks that the same attack that brought down the Ukraine’s utility could also be used on them.
So how did the utility fall victim to this cyberattack? American investigators concluded that the hackers first gained access by sending spearphishing emails to workers at the utility. As soon as someone mistakenly clicked on a link, it opened the door for the attack. They mapped the utility’s networks, used stolen credentials of system operators, and figured out how to switch off the breakers. In addition, they disconnected backup power supplies so the system couldn’t failover to keep the power on.
With the sophistication of these attacks, utilities in the U.S. must be on high alert as Obama has warned. So what steps can they take to prevent a similar attack? By incorporating an intrusion detection system or monitoring system along with Pathlock’s Cyber Governance solution as part of their overall cybersecurity plan, they could have uncovered the malware before it shut down the power. By leveraging baselining and user behavior analytics with these solutions, they will receive an alert when something out of the ordinary occurs. For example, the system learns that 10 IP addresses log in at a specific time of day, communicate with critical systems and perform specific activities. All of a sudden, a new IP connects to that critical system, sending requests and messages that have not been previously sent. This generates an alert.
If the Prykarpattyaoblenergo Utility had these solutions in place to find deviations from baseline behavior, they could have been alerted to indicators of an attack earlier and prevented it. Click here to learn more about how Pathlock’s Cyber Governance can alert you to areas of exposure.
Share
In July 2023, the U.S. Securities and Exchange Co...
The current regulatory compliance and cyber threat landscap...
by Jasmine Chennikara-Varghese For cyber awareness and thre...
Why the CFO Is Just as Responsible for Cybersecurity as the ...