Cybersecurity firm says North Korean hackers may be targeting utilities
- Cybersecurity firm Dragos has seen a rise in targeted attempts to infiltrate utility systems, according to a report in The Daily Beast. The group behind them, "Covellite," may be linked to North Korea.
- Dragos' review of 2017 also notes hackers are getting more sophisticated and more dangerous to industry, with malware increasingly being used to target industrial control systems — with limited success so far.
- Last year, Dragos tracked 163 vulnerability advisories with an industrial control system (ICS) impact. The majority of these, however, could only be taken advantage of if the hacker had access to plant control systems.
Dragos' new research is a mixed bag for the utility industry. Increasingly, hackers and malware are targeting industrial systems and utilities, but thus far have had only marginal success, particularly in the United States. And most of the vulnerabilities would require gaining access to plant control systems.
Of those 163 ICS-related vulnerabilities, 85% are late in the "kill chain" and "are not useful to gaining an initial foothold," Dragos reports.
"If these vulnerabilities are exploited, it is likely the adversary has been active in the network for some time and already pivoted through various other systems."
But a spike in spear phishing — targeted attacks sent via email — is reason for concern. The Daily Beast spoke with Dragos analyst Reid Wightman, who said the Covellite group is using techniques similar to the Lazarus Group, which has been tied to North Korea. Utilities targeted have been in the United States, Europe and part of East Asia.
The Wall Street Journal brings up a more familiar name — Schneider Electric. Hackers last year were able to penetrate the safety systems of a petrochemical plant in Saudi Arabia in part by taking advantage of an older device made by Schneider. But perhaps the most well-known utility hack was the successful 2015 attack on Ukraine’s grid, which caused widespread blackouts and raised fears that the U.S. could be vulnerable to a similar attack.
Working to keep hackers at bay is a constant battle. Last month, the Trump administration announced it would establish a new office within the Department of Energy to focus on cybersecurity, energy security and emergency responses. The Edison Electric Institute, which represents investor-owned utilities, praised the new move and said the new office will play an "essential role in coordinating government and industry efforts."
A report from Accenture last year found almost two-thirds of utility executives globally believe their country faces at least a moderate risk of a cyberattack on the electric grid in the next five years. Just in North America, the number who say an attack is likely rises to 76%. Utility Dive's latest survey of utility professionals says respondents listed cybersecurity as a top concern, a recurrent theme from past surveys.
Follow Robert Walton on Twitter