Utility Companies Face 42% Surge in Ransomware Attacks


Ransomware groups are focusing more than ever on utilities, with the sector facing a 42% surge in attacks over the past year, according to ReliaQuest.

In its latest report, Uncovering Critical Cyber Threats to Utilities, published on December 10, the US cybersecurity firm shared findings of cyber threats to the utilities sector between November 1, 2023, and October 31, 2024.

The report shows that the rise in ransomware is due to cybercriminals setting their sights on companies that have to deal with a blend of IT and operational technology (OT) systems.

In dark web forums, initial access brokers (IABs), ransomware operators and other cybercriminals increasingly talk about compromising industrial systems.

These conversations include detecting exposed Supervisory Control and Data Acquisition (SCADA) systems or selling zero-day vulnerability exploit access to Internet-of-Things (IoT) systems that control OT devices using industrial control protocols.

The report mentioned that Play, currently one of the largest ransomware-as-a-service (RaaS) cartels, was particularly interested in targeting utilities.

Utilities companies named per ransomware group compared to the all-sector average. Source: ReliaQuest

Second only to LockBit, Play (aka PlayCrypt) has intensified attacks against utility organizations in 2024 like no other group, marking a 233% rise in successful attacks.

The appeal of utility organizations is due to their need to always be operational and, thus, their potential willingness to pay the ransom more quickly.

“The possibility of threat actors gaining access to OT systems is likely a major concern for security teams in utility organizations, so discussions on cybercriminal forums about searching for and targeting these systems, as well as selling access to them, is particularly disconcerting,” reads the report.

Initial Access: Spear Phishing Largely Dominates

The significant dominance of spear phishing in the overall number of cyber-attacks over the reported period suggests that ransomware groups precisely target utilities.

According to ReliaQuest’s GreyMatter data, 81% of true-positive alerts from utility customers involved spear phishing – a significantly higher share than the 23% observed across all sectors during the same period.

“This trend is likely explained by the unusual position of utility employees, who often have access to both IT and operational technology (OT) environments,” the report reads. “With their legacy infrastructure and the critical need to avoid downtime, OT systems typically have weaker cybersecurity defences. This means attackers can use spear phishing to more easily exploit these vulnerabilities.”

Domain Impersonation, Credential Exposure and Open Ports

Impersonating domains is the top technique cyber attackers use to compromise their targets in the utilities sector, constituting 57% of all true-positive alerts, up from 48% in the same period last year.

Percentage of ReliaQuest’s GreyMatter alerts for the utilities sector. Source: ReliaQuest

This technique is followed by credential theft and open ports.

“During the current reporting period, open ports constituted 9% of all true-positive alerts among our customers, up from 7% in the same period last year. Additionally, open ports ranked fourth in frequency for both periods, showing that this attack vector remains popular with threat actors,” the report added.

Cyber Forecast for the Utilities Sector

Another threat to utilities, the state-sponsored attack, was best illustrated by the China-nexus group Volt Typhoon, accused by US federal agencies of conducting disruptive and destructive cyber-attacks against US critical national infrastructure (CNI).

ReliaQuest believes that with the incoming Donald Trump administration’s hawkish stance on China and proposals to impose high tariffs on Chinese goods, it is highly likely that Beijing will allow groups like Volt Typhoon to intensify their offensive operations against US utility providers.

Other ReliaQuest forecast assessments for the utilities sector include:

  • A heightened Iranian threat to US utilities amid Trump’s support for Israel
  • Water companies at risk as OT hacktivism continues to evolve
  • New cyber threat opportunities offered by the transition to renewables
