Utility companies are facing a substantial rise in cyber threats, with ransomware attacks up by 42% over the past year, according to a report from ReliaQuest. The report, released on December 10, 2024, outlines a troubling trend of cybercriminals increasingly targeting utility organizations. These attacks exploit the vulnerabilities of systems that blend IT and operational technology (OT). The growing focus on utilities is largely attributed to the sector’s critical need for constant operation, which makes utility organizations more likely to pay ransoms quickly to avoid downtime.
The report highlights that Play, one of the largest ransomware-as-a-service (RaaS) cartels, has significantly ramped up its attacks on utilities, with a 233% rise in successful attacks in 2024. This surge in activity underscores the growing appeal of utilities to cybercriminals, given their essential role in infrastructure and the urgency they often face in restoring services. The ability to compromise industrial systems, such as Supervisory Control and Data Acquisition (SCADA) systems, is of particular concern, as these systems control critical infrastructure and can be vulnerable to exploitation.
One of the primary methods of attack is spear phishing, which has dominated the cyberattack landscape against utilities. According to ReliaQuest, spear phishing accounted for 81% of the successful alerts related to the sector, significantly higher than the 23% seen across all sectors. The report attributes this high percentage to the unique position of utility employees, who often have access to both IT and OT systems. This dual access, combined with typically weaker cybersecurity defenses in OT systems, makes utilities particularly vulnerable to targeted spear phishing attacks.
In addition to spear phishing, cybercriminals are using techniques such as domain impersonation, credential theft, and exploiting open ports to gain access to utility networks. The report notes that domain impersonation is the most common technique, responsible for 57% of all true-positive alerts. Open ports, which allow attackers to infiltrate systems, have also risen as a notable attack vector. The increasing prevalence of these tactics highlights the urgent need for enhanced cybersecurity measures within the utilities sector to protect critical infrastructure from malicious actors.