
Power providers experience a sharp increase of 42% in ransomware incursions

Utilities Industry Experiences a Soaring 42% Increase in Ransomware Attacks Over the Previous Year, as Aggressors Like Play Prioritize Vulnerable Entities Equipped with IT and OT Infrastructure


In a recent report titled "Uncovering Critical Cyber Threats to Utilities," cybersecurity firm ReliaQuest has highlighted the growing risks facing the utilities sector. The report, published on December 10, 2023, covers cyber threats from November 1, 2023, to October 31, 2024.

One of the key findings of the report is that ransomware attacks on utilities have increased by 42% over the past year. Ransomware groups like Play and Storm-0501 have intensified their attacks against utility organizations, with Play marking a 233% rise in successful attacks, making it second only to LockBit.

The report also reveals that spear phishing is the most common method used in ransomware attacks on utilities, accounting for 81% of true-positive alerts from utility customers, compared with 23% observed across all sectors. Credential theft, while still a concern, ranks lower than domain impersonation, constituting an unspecified percentage of true-positive alerts.

Open ports in the utilities sector constituted 9% of all true-positive alerts among ReliaQuest's customers, up from 7% in the same period last year. Attackers targeting the utilities sector frequently impersonate domains; this activity accounts for 57% of all true-positive alerts, an increase from 48% in the same period last year.

The transition to renewables may offer new cyber threat opportunities, according to ReliaQuest's forecast assessments for the utilities sector. Water companies are also at risk as OT hacktivism continues to evolve. The Iranian threat to US utilities is heightened amid Trump's support for Israel, according to the same forecast assessments.

Moreover, the report suggests that the incoming Donald Trump administration's hawkish stance on China and proposals to impose high tariffs on Chinese goods may lead Beijing to allow groups like Volt Typhoon to intensify their offensive operations against US utility providers. The China-nexus group Volt Typhoon is accused by US federal agencies of conducting disruptive and destructive cyber-attacks against US critical national infrastructure (CNI).

The rise in ransomware attacks is due to cybercriminals targeting companies with a blend of IT and operational technology (OT) systems. As the utilities sector continues to digitalise and integrate these systems, the risk of cyber attacks is likely to increase.

The report serves as a reminder for utility providers to strengthen their cybersecurity measures and stay vigilant against the evolving threats in the digital landscape.
