The government has warned power plants about a hacking campaign, after at least one plant appears to have been attacked.
According to a joint report from the US Department of Homeland Security and the FBI, which was reviewed by Reuters, hackers have been using phishing emails since May to harvest employees’ credentials at one or more power plants.
Reuters writes: “While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, [the report] did not identify any specific victims.”
The government’s report said that hackers have historically “targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict”.
However, industry spokesperson John Keeley insists that – at least in this instance – no US nuclear power plants have been penetrated. He said that if a plant’s operations had been breached, the plant would have had to notify the Nuclear Regulatory Commission, which in turn would notify the public.
Keeley added that those requirements do not cover cyber intrusions on the business networks of firms that operate nuclear power plants. There is currently no information as to whether such attacks have occurred, but given that the government has confirmed that a breach has taken place, it seems likely that this was the hackers’ target.
The report details how the hackers would have been able to breach the firms, stating that the attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect. The attackers then created “decoy documents” on topics that would interest their targets.
Additionally, the report identified 11 files used in the attack, including malware downloaders and tools that allow the hackers to take remote control of victims’ computers and move across their networks.
Secure your organization with ISO 27001
You might not run a nuclear power plant, but your organization will nonetheless face a cyber attack sooner or later. Even if you think there is no reason anyone would attack you, it’s worth remembering that attacks are often random and indiscriminate.
To protect your organization, you should implement an ISO 27001-compliant information security management system (ISMS). ISO 27001 is the international standard that describes a best-practice ISMS, and it provides the basis for managing data security using an integrated set of policies, procedures, and technologies.
You can gain a number of ISO 27001 qualifications through IT Governance. We offer both foundation- and advanced-level courses, all of which are taught by experienced practitioners.