Energy firms are are prime risk from cyber crime and what tech experts described as the Internet of Zombies – relentless bot attacks by professional hackers that can run for days, weeks or months at a time.
New research by cyber security firm Radware reveals 59% of energy suppliers believe the most likely form of attack on their infrastructure will be from professional gangs who are most likely to be motivated by ransoms.
In the last year, over 90% of companies surveyed experienced a cyber attack. Half of all businesses attacked said they had experienced burst bot attacks, a short but intensive form of automated attack, up from 27% in 2014, said Radware in its Global Application and Network Security Report 2015-2016.
It’s warning the energy sector to ensure it invests in ‘good bots’ to fight the relentless ‘zombie’ style Advanced Persistent Denial of Service (APDoS) bots that professional attackers can leave to run for days, even weeks, at a time.
The political landscape for 2016 is also causing concern – 48% believe politically motivated hacktivist groups will cause damage, and 37% think campaigns will be state sponsored.
Radware’s Emergency Response Team (ERT), which compiles the report using insight from dealing with attacks, complex analysis of the ‘dark web’ and input from over 300 companies, believes that ‘burst bots’ will be the fastest growing type of attack in 2016.
Regional director Adrian Crawley, explained that as hacking becomes more automated, so utilities will need to find ways to fight the Internet of Zombies and must anticipate the state-sponsored attacks that will come their way.
“This year things will change and the first line of defence for energy cyber security will no longer include people. As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, CSOs, sometimes in partnership with governments, will need to combine a virtual cyber army with skills,” he said.
“People are simply not equipped to make the decisions quickly enough to fight back on the front line. We are approaching the fall of human cyber defences and the rise of cyber botted-defence. The age of the Internet of Zombies is here and utility providers will need to quickly adapt their approach.”
Understanding how to respond and manage the risks is proving a concern, as over half of utility companies said they had no idea why they were being attacked.
Crawley said: “Though political hacktivism and ransom were identified as the motive behind a sizeable number of attacks the sector experienced last year, in 56% of the attacks the energy companies had no idea what the motive was. That’s a big blind spot in security planning and leaves critical infrastructure exposed.”
The energy sector has been served a wake up call on how vulnerable the industry is to cyber attack after hackers cut off 80,000 Ukranian electricity customers.
Highly destructive malware known as Black Energy infected the Ukranian regional power leaving thousands of homes in the Ivano-Frankivsk region of country without electricity on December 23.
Crawley said: “As the recent attacks in the Ukraine have shown, well orchestrated hacks can have a dramatic impact very quickly.”