Breach or Blackout? When ransomware locks the grid’s back office

Spearphishing. Rogue IoT devices. Brute-forced remote access. Forgotten legacy systems. Unpatched web servers. Compromised vendors. Random USB sticks. Watering holes. Evil janitors. Attack-by-air. Unsecured S3 buckets. Use of valid credentials. Flipped insiders. The occasional zero-day exploit. Luck.

There are lots of ways threat actors can penetrate the connected enterprise to drop ransomware. Of the technical variety, the MITRE ATT&CK adversarial framework details 11 techniques attackers use to gain Initial Access [1]—and it’s likely that at least one of these techniques is how attackers breached and dropped ransomware on European energy giant Energias de Portugal (EDP). That’s what we’re talking about in the Forescout Research Labs this week, along with notes of hope that the why is simply financial gain.

Breach vs Blackout: What’s the worst case for ransomware in Energy?

Data breach is bad for business and the cost of breach is increasing: While Healthcare and Financial Services are cited as having the costliest breaches, Energy is running a close third, at $5.6M per incident, according to IBM and…
