Hackers eyeing to disrupt power grids, electricity and other utilities across US: Dragos
If the latest report on the state of industrial control systems is to be believed, at least three hacking groups have the capability to interfere with or disrupt power grids across the US. It also brings along the fact that the number of cyber-criminal operations targeting electricity and other utilities is on the rise.
Cyber security company Dragos said that political and military tensions in the Gulf appear to coincide with a rise in interest in hacking groups targeting electricity grids, power companies and other systems related to utilities in the US.
"The threat landscape focusing on electric utilities in North America is expansive and increasing, led by numerous intrusions into ICS networks for reconnaissance and research purposes and ICS activity groups demonstrating new interest in the electric sector," warned its North American Electric Cyber Threat Perspective report.
The report notes while the security researchers are tracking seven groups that target electrical facilities in North America, three of them have demonstrated the capability to "infiltrate or disrupt" electrical power networks.
Dragos however has not attributed which nation states or cyber-criminal groups could be behind these attacks, but the company has outlined three operations that show evidence of disruption capabilities: Xenotime, Dymalloy and Electrum.
Xenotime is the hacking group behind the Triton cyber attack that disrupted oil and gas facilities in Saudi Arabia in 2017. This attack was tailored towards Triconex safety controllers and researchers warn that this incident "represented an escalation of ICS attacks due to its potential catastrophic capabilities and consequences".
Dymalloy is described as a "highly aggressive and capable activity group" with the ability to achieve long-term and persistent access to IT and operational environments for both intelligence-gathering and possible disruption. Victims of the group's hacking campaigns have already been discovered in Turkey, Europe and North America. It's also been suggested that Dymalloy has links to the Dragonfly hacking group.
The third group, Electrum, is also described as "capable of developing malware that can modify electric equipment processes" and ICS protocols. While it mostly focused previous attacks on Ukraine – including causing power outages in winter – it is described as well-resourced and Dragos warn that the group is capable of physically disruptive events.
"North American electric utilities should consider Electrum to be a serious threat," warns the paper.
While there have been some minor improvements in the security of these systems, as the report states but there's still more to be done.