Energy companies in the UK and Ireland should prepare now to repel a growing number of ransomware attacks
December 3, 2020
Accenture’s recent 2020 Cyber Threatscape report touched on some vitally important trends in the energy, mining and utilities sectors in the UK and Ireland. These include malicious actors taking advantage of COVID-19 to facilitate attacks, but most notably their pivot to the business of ransomware. There have already been a number of ransomware attacks on the energy and utilities sectors, including one against a US water utility.
Fortunately, there is a clear path to protection, which I outline below. But first, let’s look into the characteristics of this new trend in cyber attacks.
Some groups, such as WIZARD SPIDER and INDRIK SPIDER, appear to be adding advanced ransomware to their existing arsenal of banking trojans. The criminals behind WIZARD SPIDER appear to have developed their own ransomware, Ryuk, and use their banking trojans TrickBot or Emotet to drop and deploy it. Similarly, according to the CrowdStrike 2020 Global Threat Report, a new group split off from INDRIK SPIDER to form DOPPEL SPIDER, which uses a banking trojan called DoppelDridex as a dropper.
As noted in our 2020 Threatscape report, the ransoms paid so far in 2020 have risen by about 60 percent, up to an average of $178,254. In addition, top ransomware demands have grown steadily, with the highest demands, as reported by CrowdStrike, rising to $12.5 million (in a case involving Ryuk ransomware). As with any type of breach, keep in mind there is significant reporting bias in such numbers.
An emerging trend is that some malicious actors now delay the disruption after gaining access, giving themselves time to determine how much ransom an organisation can pay. Others have added destructive capabilities to their arsenal, including LockerGoga and MegaCortex, as reported in the 2020 IBM X-Force Threat Intelligence report. The trend is therefore clear: energy sector organisations face not only the usual bad actors but a significant shift, with organised crime seeking payouts across new industries beyond its usual targets, either through its own ransomware or by renting it out on a profit-sharing basis (ransomware-as-a-service).
Operators of critical national infrastructure in the energy sector should take into account the very real risk of large-scale disruption. When NotPetya hit Maersk in 2017, CEO Søren Skou said the impact of the breach was in the neighbourhood of $300M. This illustrates several lessons:
To add to the challenges, organisations operating in the critical national infrastructure space are increasingly subject to cyber security regulations, including the NIS Directive (which mandates reporting of significant incidents to the competent authority), privacy regulations such as the General Data Protection Regulation (GDPR), and more.
As operators of critical national infrastructure, our clients in the energy and utilities sectors should approach cyber security with the mindset that any single control can, and probably will, be compromised. Even with strong perimeter controls such as firewalls, intrusion prevention and similar measures, bad actors will likely turn to other methods, including social engineering via phishing or spear phishing, and guessing or harvesting user credentials.
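If the perimeter is assumed to fail, the next control is detection of what the attacker does once inside, and credential guessing is one of the noisiest things they do. The following is an added example (not from the original article or any Accenture tooling) of detection logic for two credential-guessing patterns over authentication logs: password spraying (one source trying a few passwords against many accounts) and brute force (one source hammering one account), plus the high-priority case of a successful login from a source that was just spraying. The log format, the sample events and the thresholds (five distinct users or ten failures within a five-minute window) are all constructed assumptions; real Windows, VPN or identity-provider logs will need their own parser and tuning.

```python
"""Detect credential guessing in authentication logs.

Added example with a constructed, hypothetical log format:
    <ISO-8601 timestamp> <OK|FAIL> <username> <source IP>
The thresholds and window below are assumptions to be tuned per environment.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: a password spray that eventually succeeds, a normal
# user who mistypes once, and a brute-force run against one OT account.
SAMPLE_LOG = "\n".join(
    [f"2020-11-30T08:00:{i:02d}Z FAIL {u} 203.0.113.5"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    + ["2020-11-30T08:00:09Z OK frank 203.0.113.5"]
    + ["2020-11-30T08:10:00Z FAIL alice 198.51.100.7",
       "2020-11-30T08:10:30Z OK alice 198.51.100.7"]
    + [f"2020-11-30T09:00:{5 * i:02d}Z FAIL scada-op 192.0.2.9" for i in range(12)]
)


def parse_log(text):
    """Parse the hypothetical format into time-ordered event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, outcome, user, src = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "ok": outcome == "OK",
            "user": user,
            "src": src,
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect(events, window=timedelta(minutes=5), spray_users=5, brute_fails=10):
    """Return alerts as (kind, source, detail) tuples in time order.

    password_spray      : >= spray_users distinct accounts failed from one
                          source inside the sliding window.
    brute_force         : >= brute_fails failures for one account from one
                          source inside the window (fires once per crossing).
    success_after_spray : a successful login from a source already flagged as
                          spraying; likely a compromised credential.
    """
    alerts = []
    fails_by_src = defaultdict(list)  # src -> [(ts, user)] failures in window
    sprayers = set()

    for e in events:
        src = e["src"]
        if e["ok"]:
            if src in sprayers:
                alerts.append(("success_after_spray", src, e["user"]))
            continue

        hist = fails_by_src[src]
        hist.append((e["ts"], e["user"]))
        # Evict failures that fell out of the sliding window.
        cutoff = e["ts"] - window
        while hist and hist[0][0] < cutoff:
            hist.pop(0)

        distinct_users = {u for _, u in hist}
        if len(distinct_users) >= spray_users and src not in sprayers:
            sprayers.add(src)
            alerts.append(("password_spray", src, len(distinct_users)))

        fails_for_user = sum(1 for _, u in hist if u == e["user"])
        if fails_for_user == brute_fails:
            alerts.append(("brute_force", src, e["user"]))

    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed sample this raises three alerts: a spray from 203.0.113.5 once five different accounts have failed, a success-after-spray for `frank` from the same source (the alert an analyst should work first), and a brute-force alert for `scada-op` from 192.0.2.9; the single mistyped password from 198.51.100.7 stays silent. Keying by source IP is deliberately simple; a real spray against a cloud identity provider is often spread across many sources and a longer window, so in production you would also key on the tenant or target service and extend the window accordingly.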
Focus on a robust approach to security, and therefore resilience. This means:
As our Cyber Threatscape Report also notes, OT environments are increasingly in the criminals’ crosshairs. With organised threat actors adding destructive capabilities to their toolsets, protecting OT becomes an even higher priority: these attacks can have significant implications for human life and welfare. Keep this in mind and check the NCSC’s ransomware guidance.
Do all this before you’re breached.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Copyright © 2020 Accenture. All rights reserved. Accenture, and its logo are trademarks of Accenture.
This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative. Given the inherent nature of this document, the content contained in this article is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this article. This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.