Dec 3, 2021
120 Views
0 0

Expert comment: CS Energy ransomware attack

Written by

On Tuesday, energy generator CS Energy, which is owned by the Queensland government, fell victim to a ransomware attack that impacted operations. The incident occurred over the weekend, in yet the latest cyber threat to target critical infrastructure.
As per the organisation’s announcement, the incident occurred on CS Energy’s corporate network and has not impacted electricity generation at our Callide and Kogan Creek power stations. Our power stations are continuing to generate and dispatch electricity into the National Electricity Market.
CEO Andrew Bills said CS Energy’s focus was on restoring the security of its network and supporting employees, customers and business partners with any questions they may have.
“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Mr Bills said.
Commenting on the news, Robert Golladay, EMEA and APAC director at Illusive, said:
“While we don’t yet know what the attackers were after, we do know that we are experiencing a (seemingly) neverending and higher frequency number of ransomware attacks.  All ransomware attacks are characterised by two “signature” moves once they breach a network: exploiting privileged identities and moving laterally in the network. And this type of attack is exploding because it works – critical national infrastructure is seen by these criminals as easy money.  Power plants such as these can’t afford to experience any downtime, which increases the likelihood that they will pay the ransom in order to restore operations.  With that said, these ransomware attacks are preventable. The current approach to ransomware defence tends to be a passive one.  Companies are (rightly so) using Endpoint Detection and Response (EDR), patching, backing up regularly, protecting an increasingly hard to define perimeter. But we have to go further — attacker creativity, shared tactics and resources require an equally creative, proactive and imaginative set of tactics.
Identity risk has to be managed and organizations should be continuously discovering and remediating exploitable identity risks.  And for that part of the network where this is impossible, deploying deception technology is a requirement in any modern security strategy.  And in so doing, we stop attacks in their tracks.”
Andy Norton, European cyber risk officer at Armis, added:
“In recent months, ransomware attacks targeting critical infrastructure have exhibited the intensifying threat of ransomware to operational technology (OT) assets, control & Cyber Physical systems. In fact, the attack surface organisations have to worry about these days is bewildering.
OT components are increasingly connected to information technology (IT) networks, offering a path for cyber actors to pivot from IT to OT networks. Given the prominence of critical infrastructure to national security protecting from unintended business consequences, safety, environmental disaster and significant monetary loss due to outage has far greater impact into society
Accessible OT assets are a striking target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to advance geo-political objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also affect catastrophic cascading critical operational processes. Critical infrastructure asset owners and operators should adopt a heightened state of awareness and proactive measures to protect cyber physical infrastructures.”
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

Article Categories:
Mobile Security

Comments are closed.