Story image

Germany infiltrated by Russian group that crippled Ukraine’s power

09 May 2018

In modern global countries, electricity goes without saying – it’s just there.

But news has emerged that reveals it’s not quite as secure as you might think. One of the largest daily newspapers in Germany (Süddeutsche Zeitung, also known as SZ) published an article last week that claimed Russian threat actors had "infiltrated the networks of at least two energy providers in Germany."

The article was confirmed by three independent sources and also attests that the Russian group in question is the same one that attacked the Ukrainian power grid in 2015 and 2016, known as Sandworm.

In the Ukraine case, hackers managed to breach the computer systems of a number of power operators to effectively cut the supply to the city, making it one of the most effective hacking cases the world has ever seen – so well choreographed in fact that experts asserted only a government could be behind it.

The same hackers apparently succeeded in penetrating the networks of at least two German energy providers in the summer of 2017, albeit in the early stages.

CyberX industrial cybersecurity VP Phil Neray says this news shows that Russian threat actors have expanded their critical infrastructure targets beyond the Ukraine – and beyond the U.S. – to include western Europe.

“It's not surprising given Russia's stated strategy of leveraging cyber to exert its geopolitical muscle on the global stage. The recent FBI/DHS alert confirmed that Russian cyberattackers have successfully compromised U.S. critical infrastructure since at least 2016,” says Neray.

“Industrial control networks are notoriously insecure. According to CyberX's ‘Global ICS & IIoT Risk Report,’ which analysed traffic data from 375 production industrial control networks worldwide, 60% of industrial sites are still using plain-text passwords and 3 of 4 are still running outdated versions of Windows like Windows XP and Windows 2000.”

In terms of how we can prevent these attacks from happening to critical infrastructure, Neray is adamant.

“Industry best practices suggest that continuous monitoring with behavioral analytics is a key way to identify and stop these attacks during the early cyber reconnaissance stage – before attackers can launch more destructive or disruptive attacks like the ones we've seen in both the Ukraine and Saudi Arabia,” Neray concludes.

The possibilities and potential implications of a hacked power grid are infinite as aforementioned, we have come to rely on it as always being there. Due to the increasing networking of modern power systems, cybercriminals could not only disrupt the supply but also selectively damage it.

Without electricity there would be no trains, no ATMS, no water, no heating or flushing… the list goes on.

Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.