"Cyberattacks on critical infrastructure have become a key element of this conflict" - expert commentary from cybersecurity specialist Claroty on the Russian hacking attack on the largest private energy conglomerate.
The DTEK Group, which owns coal and thermal power plants in various parts of Ukraine, says it has been the target of a Russian hacker attack. A group called XakNet wanted to destabilize the energy operator's technological processes, spread propaganda about the company's activities and leave Ukrainian consumers without electricity.
Ukrainian electricity supplier attacked
Back in April, the same Russian hacking group allegedly targeted electrical installations in an area that supplies 2 million people in Ukraine. However, the hack was foiled by the Ukrainian authorities.
Galina Antova, co-founder and Chief Business Development Officer of Claroty: “We have known for years that Russian cyber attackers lurk in critical infrastructure networks. The alleged attack on the DTEK Group shows how entire sectors of the economy can be damaged in an emergency. But it also demonstrates how privately owned critical infrastructure has become a prime target for government cyberattacks, which means business leaders in the private sector must play a critical role in national security.”
Many (I)IoT vulnerabilities make it easy
“In addition, there are numerous vulnerabilities in the area of the extended Internet of Things (XIoT), which encompasses cyber-physical systems (CPS) in industry (OT), healthcare (IoMT) and enterprise (IoT). The last six-monthly ICS Risk & Vulnerability Report showed a 110 percent increase in reported security vulnerabilities over the past four years. The federal government and the cyber experts are aware of the dangers for the critical infrastructure. In 2021, for example, Germany passed the second law to increase the security of information technology systems, which obliges KRITIS companies to take more IT security measures. Unfortunately, this is interpreted by many companies in such a way that there was no risk before the laws came into force. The currently often inadequate cyber defenses of these companies give rise to doubts as to whether the risk potential has been fully understood by business executives. It is high time to take appropriate measures,” adds Max Rahner, Senior Regional Director DACH + CEE at Claroty.
Cyber attack combined with weapon attacks
The hacking incident coincided with Russian shelling of a DTEK-owned thermal power plant in Kryvyi Rih in central Ukraine. Microsoft pointed out in an April report that Russian hacking attacks are sometimes used in conjunction with kinetic military strikes.
“There is no doubt that cyberattacks on critical infrastructure have become a key element of this conflict, with cyberattacks and kinetic attacks potentially coexisting, as Microsoft pointed out,” Galina Antova said. “The reality is that most critical infrastructures are highly vulnerable because they rely on legacy assets with decades of lifecycles, outdated security controls, and vulnerabilities that are difficult or impossible to fix. And as these legacy industrial networks increasingly connect to IT networks, the cloud and other connected devices, new forms of cyber risk are emerging.”
About Claroty
Claroty, the Industrial Cybersecurity Company, helps its global customers discover, protect and manage their OT, IoT and IIoT assets. The company's comprehensive platform can be seamlessly integrated into customers' existing infrastructure and processes and offers a wide range of industrial cybersecurity controls for transparency, threat detection, risk and vulnerability management and secure remote access - with significantly reduced total cost of ownership.