There is an increased focus on cybersecurity among governments and energy and utilities organizations worldwide, and for good reason. Attacks on critical infrastructure such as fuel, electricity and drinking water carry the potential for damage far beyond their economic impact. As demonstrated by incidents such as the notorious shutdown of several Iranian nuclear centrifuges by Stuxnet in 2010, and the Shamoon malware attacks in November 2016 and January 2017 against Gulf state organizations, the stakes for energy and utilities companies are higher than ever. The health and welfare of whole nations could potentially be at risk.

Attackers Set Their Sights on Industrial Control Systems

A great many industrial control system (ICS) configurations, including SCADA systems, distributed control systems (DCS) and programmable logic controllers (PLCs), are operating in the energy and utilities industry. In December, IBM X-Force Threat Research reported that attacks targeting ICS increased by more than 110 percent in 2016. At midyear 2017, attacks are projected to equal or possibly surpass the volume observed in 2016.


Source: IBM Managed Security Services data, Jan. 1, 2013 to July 15, 2017.

The Who and the How

In the energy and utilities sector, IBM Managed Security Services (MSS) 2016 data revealed that the actors behind attacks, unintentional and malicious combined, were 60 percent outsiders and 40 percent insiders. Within the insider group, there were more inadvertent actors (24 percent) than malicious insiders (16 percent).


Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

IBM MSS analysis of 2016 data also revealed that the top attack vector, which involved the use of malicious input data to attempt to control or disrupt a system, targeted 60 percent of the energy and utilities clients monitored by IBM X-Force. That figure was notably higher than the 42 percent average across all industries.


Source: IBM Managed Security Services data, Jan. 1 to Dec. 31, 2016.

More Resources for Energy and Utilities Companies

From network break-ins to ransomware to seizing control systems, attacks against energy and utilities companies are on the rise. A proper assessment of information security risk is critical to the effective direction of your IT investment, critical assets and utilization of resources.

Refer to the IBM report, “Energy and Utility Companies: Targeted on All Sides,” for recommendations to consider when making strategic decisions to help safeguard your business.

