Cyberattacks on electric utility companies like Energias de Portugal (EDP) and Northwest Territories Power Corporation (NTPC) suggest that threat actors are increasingly targeting this sector. Most of the recent attacks appear to be financially motivated, but some attackers have targeted such organizations for espionage and to cause failures as well.
Here are some recent cyberattacks on electric utility companies.
- In April 2020, the NTPC website was targeted by an unknown hacker. They used the Netwalker ransomware to encrypt and lock the website and email system.
- In the same month, the Portuguese electric utility company EDP was targeted by cybercriminals using ‘RagnarLocker’ ransomware and was being extorted for 1,580 BTC (approximately $14 million).
- In March 2020, it was revealed that sensitive data, including equipment diagrams and schematics from two Ameren Missouri facilities, was stolen from the Ohio-based LTI Power Systems via a ransomware attack in late February.
- The South African electricity public utility company Eskom witnessed a cyber incident at its data center in March 2020 that involved data from the Ameren Sioux Power Plant in West Alton and the Labadie Power Plant.
Recent surveys by some renowned agencies also indicate the risks faced by electric utility companies.
- A cybersecurity report by Siemens and the Ponemon Institute indicates that over 50% of the global electric utilities with gas, solar, and wind-related portfolios (that were surveyed) are expecting at least one cyberattack on critical infrastructure by 2021.
- The ‘State of the Electric Utility (SEU) 2020’ survey by Utility Dive suggests that in over 36% of companies, top-level executives, boards and managers might not be receiving cybersecurity-related risk updates, while nearly the same percentage said that their organizations might not be applying system patches and upgrades on a regular basis.
According to the guidelines provided by Siemens, electric utility companies should strictly control access permissions to critical systems and continuously monitor for any anomalies in normal activity, especially in the current scenario when the majority of the workforce is working from home. Having a detailed incident response plan can help organizations respond well to cyberattack incidents.