Story image

Germany infiltrated by Russian group that crippled Ukraine’s power

09 May 2018

In modern global countries, electricity goes without saying – it’s just there.

But news has emerged that reveals it’s not quite as secure as you might think. One of the largest daily newspapers in Germany (Süddeutsche Zeitung, also known as SZ) published an article last week that claimed Russian threat actors had "infiltrated the networks of at least two energy providers in Germany."

The article was confirmed by three independent sources and also attests that the Russian group in question is the same one that attacked the Ukrainian power grid in 2015 and 2016, known as Sandworm.

In the Ukraine case, hackers managed to breach the computer systems of a number of power operators to effectively cut the supply to the city, making it one of the most effective hacking cases the world has ever seen – so well choreographed in fact that experts asserted only a government could be behind it.

The same hackers apparently succeeded in penetrating the networks of at least two German energy providers in the summer of 2017, albeit in the early stages.

CyberX industrial cybersecurity VP Phil Neray says this news shows that Russian threat actors have expanded their critical infrastructure targets beyond the Ukraine – and beyond the U.S. – to include western Europe.

“It's not surprising given Russia's stated strategy of leveraging cyber to exert its geopolitical muscle on the global stage. The recent FBI/DHS alert confirmed that Russian cyberattackers have successfully compromised U.S. critical infrastructure since at least 2016,” says Neray.

“Industrial control networks are notoriously insecure. According to CyberX's ‘Global ICS & IIoT Risk Report,’ which analysed traffic data from 375 production industrial control networks worldwide, 60% of industrial sites are still using plain-text passwords and 3 of 4 are still running outdated versions of Windows like Windows XP and Windows 2000.”

In terms of how we can prevent these attacks from happening to critical infrastructure, Neray is adamant.

“Industry best practices suggest that continuous monitoring with behavioral analytics is a key way to identify and stop these attacks during the early cyber reconnaissance stage – before attackers can launch more destructive or disruptive attacks like the ones we've seen in both the Ukraine and Saudi Arabia,” Neray concludes.

The possibilities and potential implications of a hacked power grid are infinite as aforementioned, we have come to rely on it as always being there. Due to the increasing networking of modern power systems, cybercriminals could not only disrupt the supply but also selectively damage it.

Without electricity there would be no trains, no ATMS, no water, no heating or flushing… the list goes on.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
Facebook fights fake news ahead of Africa elections
“We also show related articles from fact-checkers for more context and notify users if a story they have shared is rated as false.”
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.