There’s a growing threat to the power grid prompting a number of Australians to consider solar: hackers. Sound far-fetched? Read on.
Hackers Now Targeting Power Grids
There’s a growing threat to the power grid that’s prompting a number of Australians to consider solar: hackers. It’s one of the reasons why some of us are becoming preppers. Many of us laugh at these extreme predictions; however, the threat is real. Many fear that significant power outages could bring households and businesses to their knees. With the improvements in the efficiency and cost of solar batteries, preparing to be self-sufficient is becoming an attractive option. While power generators may be in use at large-scale corporations and businesses that require electricity to be always available, solar batteries are an option for small businesses and households. Battery-stored power can at least help us be self-sufficient for the short term when required.
An anonymous hacking group known to target industrial systems is now attacking power grids around the world. But what does this mean for us here in Australia and can it be prevented?
It is believed that the group of hackers attacked the ICS (industrial control systems) of a Saudi Arabian petrochemical plant. But the industrial cybersecurity company Dragos says the list of victims is getting longer and it includes power grids in Australia.
The hacker group in question (called Xenotime) became known after an incident in 2017. Back then, the group was involved in infecting the previously mentioned Saudi Arabian petrochemical plant with malware (called Trisis, HatMan, or Triton). The malware was specially designed to obstruct industrial safety systems.
In particular, the malware interfered with the ESD systems (emergency shutdown systems). Security companies warned that hackers could cause physical harm and even shut down operations. According to experts, such activity is equivalent to a state’s preparation for an attack. Later, the security company FireEye conducted an analysis and connected this attack to a state-funded research laboratory located in Russia. In addition, the company said that it had discovered the same malicious software at another company.
Solar is no longer only about saving and making money; it’s about security. The security company Dragos now warns that Xenotime is no longer focused only on gas and oil and has begun probing power networks located in Asia-Pacific and the States.
According to Dragos, the attack on the gas and oil facility in Saudi Arabia marked an upsurge in ICS attacks. After that attack, Xenotime expanded and targeted gas and oil companies in other parts of the world. In 2018, the hacking group attacked a number of ICS manufacturers and vendors.
After the 2017 attack, Xenotime started researching and scanning possible targets, which are mostly located in Europe and North America. At the beginning of 2019, the hacking group attempted to gather information related to Asia-Pacific and US electricity plants.
Dragos’ analysts believe that such behaviour could be a sign that the hacking group is planning a cyber attack on a larger scale. The group also attempted to use lists of stolen passwords and usernames in order to enter target accounts; however, so far, these attempts have been unfruitful. Nevertheless, Xenotime’s interest in power grids shouldn’t be taken lightly as their final goal is to compromise safety.
Dragos’ experts say that for now, the hacking group’s activity is mainly focused on gathering information and on the access operations needed for a future intrusion into industrial control systems. However, there’s no proof that the hackers are actually able to execute a full-scale disruptive attack on power grids.
Still, the security company says that all ICS-related firms and organisations should be prepared for potential intrusions. Security teams need to be aware that ICS attacks are very probable and could happen at any time. They should think about solutions in case of loss of SIS (safety instrumented system) integrity: for instance, setting up on-call incident response teams, keeping process and configuration data that can be used for comparison against compromised devices, and having the means to facilitate recovery in case of a breach. All of these are complex and sensitive operations, and for precisely that reason they must be taken into consideration in advance.
The ICS infrastructure runs everything from rail networks and factories to power grids, and that’s why these threats must be taken seriously. Experts are warning that hacking attempts are on the rise. Enemies are investing in the ability to intrude into crucial infrastructure such as gas and oil, water and electricity.