The CFAA of 1986, was the first amendment to the computer fraud act in order to address hacking. It criminalizes accessing a computer without authorization or in excess of authorization.
CALEA of 1994, required telephone companies to rework their networks in order for law enforcement to have better access to lines, like the need for wiretapping.
By mid-2006, the Night Dragon attacks were beginning to take place. One of the first attacks to effect the energy sector specifically, seeking intellectual property and information. It is a Trojan backdoor that does not have worm capabilities. So it needed to be installed on different computers. The information that it was targeting was specifically regarding oil and gas field bids and operations.
Dimitri Alperovitch, Vice President of threat research at cybersecurity company McAfee, brought Night Dragon to light. Showing that the attack targeted more than 71 organizations, including national defense contractors, the UN, the International Olympic Committee, and other businesses across the world. There is some controversy about these attacks as it is stated that much of the code used is publicly available and therefore attributing all the attacks to one source may seem a bit far fetched.
Saudi Aramco was hit by the Shamoon virus in 2012. The virus deleted hard drives and forced the company to shutdown its network and destroy over 30,000 computers.
On Dec. 23, 2015, the Ukrainian power grid was attack, in which 230,000 consumers were without power for 1-6 hours. This was the first attack to bring down a power grid. The attack has been attributed to Russia by US officials.
The ENTSO-E represents 42 European transmission operators across 35 nations. They found evidence of a cyberattack on their office network and have been able to introduce fixes to avoid further attacks.
SolarWinds is not technically a supplier of energy, but they are included as they provide software that is often used in infrastructure operations. The system that was targeted is name "Orion" and nearly 33,000 customers use this system. In March of 2020, SolarWinds sent out updates to its customers that contained hacked code. This created a backdoor on each customer's system, allowing the attackers to gather information on an incredible about of businesses and agencies. The estimate is that 100 customers were truly effected, including, CISCO, Microsoft, and the Energy and Justice Departments of the federal government. These have been attributed to Russia now as well.
Energias de Portugal is the largest energy provider in Europe. Hackers stole 10 terabytes of data, including customer information and demanded $11 million in ransom. This hack was believed to be caused by a stolen password.
The UN's IMO sets global standards for international shipping, focusing on safety and security of shipping and prevention of pollution by ships. The website for the IMO went down due to the attack and at first it was believed to be an internal error. But after a few days of the site being unavailable, the learned that the were under attack. They report that the attack overcame sophisticated security, but have not released any details about it. They are no reports of data stolen or effected.
In February 2021, a water treatment plant in the small town of Oldsmar, Florida, was hit by cyber attacks twice. The hackers attempted to poison the water supply after accessing the plant's SCADA software remotely. The staff quickly noticed the manipulation and were able to thwart the attack. The attack most likely happened due to a password getting into the wrong hands.
A ransomware attack attributed to Darkside, who posted some of the information online, had stolen nearly 1000GB of data from COPEL, the Brazilian state owned utility. This info included key infrastructure details and personally identifiable information from management and customers.
The Brazilian Utility company was hit by a ransomware attack. The nuclear subsidiary Eletronuclear was the specific target, but the operational systems of the reactors were not affected. The attack was involved in the administrative systems, forcing them to shut down portions of the system to protect data.
Volue ASA is a Norwegian green energy company. They were the target of ransomware just days before the Colonial Pipeline attack. They did not pay any ransom and their cyber was able to handle the situation so that no personal data or "energy-sensitive data" was lost or stolen.
Colonial Pipeline carries oil to most of the Southeastern US. It was attack by ransomware, after getting access to one password. There was not 2-factor authentication in place. They paid $5 million in ransom, but the government was able to get back 60 of the 75 bitcoin back. Yet they were unable to get the full amount back as the value of the bitcoin had dropped.
ARAMCO, the world's largest oil exporter, was hit by ransomware in the summer of 2021. The attack was a data breach that saw 1TB of data get stolen and sold on the dark web. It was later leaked that there was a ransom demanding $50 million in cryptocurrency.
DMEA was hit with a cyberattack and was feeling the effects even a month later. They lost payment processing, billing, and internal systems. They lost significant amounts of data but claim that none of it was sensitive or personal data. This was a small system in Colorado. "The National Rural Electric Cooperative Association (NRECA), of which DMEA is a member, said it is working with the federal government and electric cooperatives to "provide cybersecurity training, help co-ops modernize their systems and use technology to stay ahead of the curve."
This act that passed in Nov 2021, included specific language related to cyberspace, in Title XV. Section 1501 calls for a cyber threat information collaboration environment to help facilitate discussion and cooperation when dealing with cyber concerns. The act also discusses cyber capabilities of the US government as well.
Vestas Wind Systems is one of the largest wind turbine makers in the world. They were subject to a cyber attack in Nov 2021. They did not release specifics of the attack, but we do know that they were required to shut down IT systems to 'multiple business units and locations' to contain the incident."
ARA consists of the major ports in these cities. The oil transactions at these ports are often used as indicators for the European market for oil. At least 11 companies were effected, but the attack only really disrupted administrative aspects of the ports. The goal of the attack is not clearly known, as data was not taken or changed, and it did not involve ransomware.
Leading up the Russian invasion of Ukraine, there was a large-scale operation against US energy companies. In early February, a group of hackers with ties to the Russian GRU, began seeking access to systems through employees, offering around $15,000 for access. This operation lasted about 2 weeks where the attackers were able to gain access to more than 100 computers from employees of 21 energy companies. "Targets include Cheniere Energy, the largest U.S. LNG exporter; Chevron, a major oil producer that owns and operates the Gorgon LNG terminal in Australia; EQT Corp, the largest U.S. natural gas driller and producer; and Kinder Morgan, the largest U.S. oil-and-gas pipeline operator, which operates the Elba Island LNG export terminal." There is a belief that these attacks were state sponsored.
These individuals used phishing techniques targeting employees of 500 different companies, including the US Nuclear Regulatory Commission. They are suspected to have breached the network for Wolf Creek Nuclear Operating Corp. in Kansas. They are though to be responsible for attacks in 135 nations over the past 5 years.
The IT Army of Ukraine is an attempt by the Ukrainian Government to coordinate hackers from all over. They are using social media to paint targets for volunteer hacking groups from all over to attack. They have been targeting the websites of Russian banks, the Russian power grid, the Russian Railway system and the other strategic websites including aerospace and defense sites. The impacts and success of these attacks have not been made clear.
The Ukrainian Defense Minister had reportedly met with Ukrainian business man and cybersecurity expert, Yegor Aushev. The minister was asking to help organize hackers to defend against Russia. This was part of the creation of the so called "IT Army". This report states the army as having over 1000 members. This group worked together with the Belarusian Cyber Partisans to bring down the Belarusian railway system as it was being used to transport Russian troops. Their eyes are still set on getting back at Moscow with more discussions about attacking the electrical grid happening.
In the 17th annual Cost of a Data Breach Report, the energy sector ranked as the fifth most expensive, behind health care, financial, pharmaceuticals, and technology verticals. The average cost of a breach across all sectors has risen by 10% from 2020-21. The energy industry in particular however, saw a decrease of 27% in the cost of a breach.
Amidst the invasion of Ukraine, on April 13th, a report from Ukraine was released stating that the nation had just repelled an attack on the electrical grid. The attack has been attributed to an elite Russian hacking team called "Sandworm", who sought to damage control systems at high-voltage substations. It is estimated that if their attack had succeeded, around 2 million people would have been without power.
A Microsoft report released om the 27th of April points to 6 Russian hacking groups conducting hundreds of Cyber attacks against Ukraine. There have been cyber attacks since even before the invasion, but recently, it appears that they are now being done by more experiences hackers. They are targeting Ukrainian critical infrastructure with about 40% of attacks targeting it, but Ukraine has been able to respond. There was a fear that Ukraine would have suffered nationwide and debilitating effects of cyberattacks, but they have done well to repel and prevent too much damage.
On April 13th, the DOE, FBI, NSA, and the Cybersecurity and Infrastructure Security Agency released a joint alert warning about a new malware. This new malware is able to conduct "highly automated" attacks on energy infrastructure, and due to this nature, there is a worry that it could open the door for unskilled hackers to become more dangerous. A separate report by Dragos on the malware, that they named "Pipedream", said that it is able to "disrupt, degrade, and potentially destroy industrial environments and processes."
We'd love to hear from you. Please send questions or feedback to the below email addresses.
Before contacting us, you may wish to visit our FAQs page which has lots of useful info on Tiki-Toki.
We can be contacted by email at: hello@tiki-toki.com.
You can also follow us on twitter at twitter.com/tiki_toki.
If you are having any problems with Tiki-Toki, please contact us as at: help@tiki-toki.com
Close