Cybersecurity experts have long warned of the dangers of hackers gaining access to the power grid. It turns out that Russian hackers have gained access to the control rooms of US power companies and that the attack is likely still ongoing, according to the Department of Homeland Security.
The attack, by a state-sponsored hacker group called Energetic Bear, was well thought out and pervasive, even gaining access to isolated networks. DHS says there are hundreds of victims, though it hasn’t named them, and there could be even more because Energetic Bear uses employee login information, which makes suspicious activity harder to detect.
Energetic Bear was able to access utilities’ networks by hacking vendors first, using tried-and-true methods such as spearphishing and fake websites to capture login credentials. From there the hackers were able to access the utility networks and soak up as much information as possible. They learned everything from what kind of equipment was used to how it was configured, letting them get familiar with how everything works in order to make their activities look normal.
It’s not known if systems are clean, either. Given how invasive and quiet the attacks were, systems could still be infected or there could be backdoors ready to be exploited. The fact that Russia could turn our lights off at any time should be a wake-up call for utilities to be more selective in choosing their vendors.