Cybercriminals Are Now Targeting Critical Electricity Infrastructure

Several reports indicate that the Elexon attack relied on REvil/Sodinokibi ransomware, the same strain used in the cyberattack on the financial company Travelex on New Year's Eve 2019. The Travelex hack was traced back to a Russian hacking collective, and although it is notoriously difficult to attribute cyberattacks with certainty, it is likely that Elexon fell victim to the same group. On June 1, the attackers posted some of the stolen Elexon data online in an attempt to pressure the company into paying the ransom.

A cybercrime pandemic
The attack on Elexon does not stand alone. As countries around the world have locked down, cybercriminals have launched attacks on a wide range of targets, mostly using ransomware. The lockdown-induced rise in home-working has been a big enabling factor: much professional communication now takes place over the general internet, which is far less secure than a local company network behind a firewall.

Critical infrastructures have been hit particularly hard. In recent months, cyberattacks have been launched on hospitals, coronavirus research facilities, ports, water supply infrastructure, and the Brussels-based ENTSO-E, the European Network of Transmission System Operators for Electricity.

This sort of infrastructure is in the crosshairs for two main reasons. First, cybercriminals bet that operators will be more willing to pay a ransom than other targets, because the continued operation of electricity, water, hospitals and so on is so important.

But it's also because their computer systems are often outdated. While it may seem paradoxical, the reason for this is precisely that critical infrastructures must always be available. When a system works fine, there is little incentive to change it, especially since changes to computer systems can easily lead to incompatibilities, errors or crashes. For instance, three years after the WannaCry attack, the NHS is once again exposed because many of its computers are still running Windows 7, which is no longer supported.

Ransomware attacks are typically not very sophisticated. They make use of known software vulnerabilities for which patches are already available, and the criminals specifically target those computers that have not been updated. These inherent weaknesses, combined with the lockdown-induced difficulties in balancing the electricity grid, mean that a more sophisticated cyberattack on Elexon could have had big consequences for the UK electricity system.

As it happens, the attack only affected Elexon’s internal IT systems, and the rest of the electricity system, as well as the electricity supply itself, was not affected. But this should force us to think about how vulnerable our critical infrastructure is to cyberattacks.

What would have happened if the attack had indeed affected the electricity supply? It would have seriously hindered the UK's response to the pandemic, and it is possible that we would have struggled to get the power back up, as all resources are currently going into fighting the virus. In addition, it is unlikely that a lockdown without electricity and internet could be maintained for long. The fact that cybercriminals know this only makes our critical infrastructures more appealing targets.

Henri van Soest is Ph.D. Candidate in Land Economy, University of Cambridge. This article is published courtesy of The Conversation.