
Cyberattacks aimed at destroying or paralyzing electrical infrastructure are increasing

S21sec, one of Europe’s leading cybersecurity providers, has published its Threat Landscape Report, which provides an overview of the most relevant threats in the first half of 2022. According to the study, which aims to analyze the main vulnerabilities and cyber risks in sectors worldwide, during the first six months of the year the energy sector has been the victim of numerous incidents caused by entities with different motives. Of note is the increase in cyberattacks aimed at destroying or paralyzing electrical infrastructure to cause the greatest possible damage.

The S21sec Intelligence team concludes that, among the most significant attacks during the first half of the year, those that took place in February stand out. The European energy sector has suffered a series of cyberattacks targeting, among others, German, Belgian and Romanian companies. In addition to these, there were other incidents aimed at attacking critical infrastructure, such as the ransomware which affected a large Italian group and left their IT systems inoperative.

During February, most of the attacks recorded against this sector targeted companies in the supply chain, suppliers, and facilities or support systems, and were carried out by cybercriminals with mainly economic motivations. Due to the magnitude of the consequences, cyberattacks on critical infrastructure systems have become one of the greatest dangers to society, even causing the paralysis of public services and supply shortages.

“We must bear in mind that a country’s energy infrastructures are considered critical infrastructures and that an attack against them can pose risks not only to the company being attacked, but also to the public”.

Hugo Nunes, head of the Intelligence team at S21sec in Portugal.

In this context, the S21sec study concluded that there have been at least 43 ransomware attacks against companies in the energy sector since January 2022. In Portugal, one of the most impactful cyberattacks occurred in May on a company in the Azores and affected its information systems, namely the commercial system, for several days.

The energy sector, one of the main sectors affected by the war

Since the beginning of the war, after the Russian invasion of Ukraine, cyber threats targeting the energy sector and critical infrastructure have been increasing and attackers have expanded their targets to other European countries, especially those providing support to Ukraine. Thus, Russian-aligned entities have threatened to conduct operations in cyberspace in retaliation for alleged cyber offensives against the Russian government, as well as targeted attacks against countries and organizations that have positioned themselves on the opposite side.

“The vast majority of attacks observed during the development of hybrid warfare consisted of website defacement and DDoS attacks (triggered by hacktivists), leaks of databases and confidential information from government agencies and critical infrastructures and also by the use of specific malware (wipers) with the aim of destroying or erasing data from critical systems in this sector”.

Hugo Nunes, head of the Intelligence team at S21sec in Portugal.

In the initial phase of the conflict between Russia and Ukraine, three cyberattacks were recorded on European wind power companies by ransomware groups that declared themselves in solidarity with the Russian government, such as Conti and Black Basta. It is worth noting that, although the incentive behind these groups is generally economic, it cannot be excluded that they were also politically motivated, with the aim of disrupting the functioning of energy production companies in Europe.

Also early in the conflict, Blackcat ransomware, linked to Russian cybercriminal groups, targeted companies involved in the production and transport of oil and gas. The Blackcat ransomware-as-a-service, which became active in November 2021, is mostly distributed via email. When the victim downloads and opens the email attachment, the malware starts running on the machine; later, various sophisticated techniques are used with the ultimate goal of encrypting the organization’s files.

“One of the particularities of Blackcat is the use of the triple extortion technique in an attempt to add even more pressure on the need for the victim to pay the ransom. In addition to encrypting data within the organization, exfiltrating information and threatening to publish it on its blog on the Deep Web, there is also the threat of executing distributed denial-of-service (DDoS) attacks if the victim does not pay the ransom.”

Hugo Nunes, head of the Intelligence team at S21sec in Portugal.
