The majority of cyber attacks on energy and utility firms do not occur in the critical infrastructure of the firm, but inside the IT networks.
According to a report by Vectra, such attacks are often planned and orchestrated months in advance, rather than being launched off the cuff by chancers.
According to the research company, Russian and other nation-state criminals are accessing the critical infrastructure through under-protected networks, highlighting that this entry point needs to be better secured in the first place.
It added that the sophisticated attacks are commonly planned and then last for a few months, with criminals watching how the infrastructure works before launching the attack.
To get into the network, hackers commonly use malware and spear-phishing techniques to trick employees into providing access. They can then use administrator rights to watch and gather data.
“The covert abuse of administrative credentials provides attackers with unconstrained access to critical infrastructure systems and data,” said David Monahan, managing research director of security and risk management at Enterprise Management Associates. “This is one of the most…