Energy supplier Entega has fallen victim to a cyber attack. The good news for the time being: the critical infrastructure of the Darmstadt-based energy supplier is not affected, but the e-mail accounts of around 2,000 employees and the company's website are. Comments from Barracuda and FTAPI Software.
Cyber attacks happen when you least expect them.
“This time it probably hit the Hessian energy supplier Entega in the night from Saturday to Sunday. In order to be able to react as efficiently as possible, it is necessary to have emergency plans and clear responsibilities. A working backup can also be extremely helpful in the event of ransomware attacks. Criminal organizations like to use e-mail or web-based attacks as a gateway to paralyze critical systems in the internal network and confront the victim with a ransom demand. In this specific case, there must have been some functioning measures, since the energy supply is currently not affected. Considerable damage could still have been done, but it could have been worse. In order to be able to better protect employees against e-mail-based social engineering attacks, a combination of technical measures with training and awareness-raising is recommended. This is immensely important, because in case of doubt, a single person can trigger serious events with a single mouse click.
Of course, web applications and all other externally available applications must also be protected. A web application firewall is suitable for public systems – such as the company website. All services not intended for public use, such as remote maintenance access, always require separate protection with strong authentication methods. Especially with critical infrastructure, it is particularly important to prevent the internal spread of attacks and malware. It should always be assumed that an attacker might be able to penetrate the network. Network segmentation between IT and OT or within the OT network makes it particularly difficult for attackers to shut down systems even though they already have a foot in the door.”
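The segmentation the Barracuda comment calls for can be made concrete with a default-deny ruleset on the gateway between the IT and OT networks. The following nftables ruleset is an added illustration, not configuration from Entega, Barracuda or FTAPI; the address ranges (IT 10.10.0.0/16, OT 10.20.0.0/16), the interface names, the jump host 10.10.5.5, the engineering workstations and the historian collector are all assumptions chosen for the example:

```nft
# Added example: IT/OT segmentation on a Linux gateway with nftables.
# All addresses, ports and interface names below are assumptions.
table inet it_ot_segmentation {
    set ot_engineering {
        type ipv4_addr
        elements = { 10.20.1.10, 10.20.1.11 }   # assumed engineering workstations in OT
    }

    chain forward {
        # Default deny: nothing crosses between the zones unless explicitly allowed.
        type filter hook forward priority 0; policy drop;

        # Allow replies to sessions that were permitted below; drop malformed state.
        ct state established,related accept
        ct state invalid drop

        # Remote maintenance: only the hardened jump host (assumed 10.10.5.5, where the
        # strong authentication lives) may open sessions into OT, only to the
        # engineering stations, and only over SSH or RDP.
        iifname "eth_it" oifname "eth_ot" ip saddr 10.10.5.5 ip daddr @ot_engineering tcp dport { 22, 3389 } accept

        # Data export: OT may push historian data to one IT collector (assumed 10.10.8.20:5432).
        # No other connection may be initiated from OT towards IT.
        iifname "eth_ot" oifname "eth_it" ip saddr 10.20.0.0/16 ip daddr 10.10.8.20 tcp dport 5432 accept

        # Everything else between the zones is logged for detection and then dropped by policy.
        iifname { "eth_it", "eth_ot" } log prefix "it-ot-deny: " drop
    }
}
```

Loaded with `nft -f`, this ruleset means that an attacker who has a foothold on an ordinary IT workstation cannot reach OT at all: the only path runs through the jump host, and the only direction OT can initiate is the single historian flow. The log prefix gives the SOC a cheap indicator of lateral-movement attempts that the default-deny policy is already blocking.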
"More security for energy suppliers - close the gateways."
“The attacks on the Darmstadt-based energy supplier Entega and Stadtwerke Mainz show once again that operators of critical infrastructure are becoming the targets of cyber attacks with increasing frequency. In view of the tense global political situation, utilities must react and invest in securing their systems.
In our opinion, the main focus should be on securing digital communication. Ransomware attacks via phishing e-mails are still among the most popular and unfortunately also the most promising attacks on utility companies: in e-mails that now look deceptively real, employees are asked to open e-mail attachments or external links that hide malware which, once opened, spreads across the entire system in seconds.
The systems of energy suppliers and critical infrastructure (KRITIS) operators are very lucrative targets and the attacks are often planned well in advance. Attackers spy on internal and external communication in order to formulate e-mails that are deceptively real and thus gain access to the systems. The current cases in Darmstadt and Mainz also suggest that preparatory work was done for these attacks: since it was not the critical infrastructure itself that was attacked, but the e-mail server, it can be assumed that the main target was credentials. Cyber criminals often use these to gain access to critical systems.
Consistent end-to-end encryption of daily e-mail communication puts a stop to attacks by phishing e-mails that look deceptively real. It is no longer possible for attackers to read relevant information, and they are denied the basis for creating fake e-mails.”