Insider Threat ‘Contributes’ To Growing Number Of Critical Infrastructure Attacks

Tom Jowitt,

IBM X-Force researchers find hackers are increasingly exploiting insiders for attacks on industrial control systems

Researchers at IBM X-Force have warned in a new report that cyber attacks on critical infrastructure has been growing at a rapid pace, and will increase going forward.

And it seems as though 40 percent of the attacks on the utilities and energy sectors are as a result of ‘insider actors’ – whether with malicious intent or by mistake.

It comes as Symantec warns of potential power outages because of “highly sophisticated” attempts by the Dragonfly hacking group “to control – or even sabotage – operational systems at energy facilities.”

Keyboard Illustration "Cyber Attack" © Ben Chams - Fotolia

Insider Threat

Cyber security for firms providing critical infrastructure such as fuel, electricity and drinking water have been a growing concern for a while now, as the potential for these attacks to damage the health and welfare of whole regions or even nations, cannot be underestimated.

In July this year for example the US Department of Energy (DOE) acknowledged a campaign of attacks that had targeted a number of energy companies, including at least one nuclear plant.

At the moment, IBM X-Force said that whilst the energy and utility (E&U) sector was not one of the top targeted industries in 2016, its data shows that E&U is being targeted increasingly in 2017. Indeed, IBM said its figures show this market is falling just short of the top five attacked sectors, as of June this year.

IBM said that in 2016 the E&U faced over 39 million security events, including 382 attacks and 66 incidents. These 39 million E&U security events represented 72 percent of all security events monitored by IBM Security in 2016.

But more worryingly it found that ICS (industrial control system) attacks increased more than 110 percent in 2016 and are on pace to equal or surpass that volume in 2017. IBM warned that 60 percent of these E&U attacks are designed to install malicious data in an effort to control or disrupt a system.

Would you use a Google Chromebook in your business?

View Results

Loading ... Loading ...

“When compared to other industries, E&U employees are more likely to fall victim to cybercriminal tactics to get them to inadvertently download malicious content,” warned IBM X-Force.

And it said that more than 40 percent of E&U attacks are a result of insider actors – whether with malicious intent or inadvertent.

Staff who inadvertently open malicious email attachments or click on malicious links in an email account for more than 50 percent of insider attacks within the E&U sector.

Critical Infrastructure

Matters are not being helped by the fact many critical infrastructure organisations are skipping basic IT security precautions.

In July the National Cyber Security Centre (NCSC) said it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

It warned those attacks are “likely” to have compromised some industrial control systems in the UK.

The potential of these attacks to wreak havoc can be best illustrated by the attack in December 2015, when a Ukraine power company was hit by a cyber attack that left parts of western Ukraine, including regional capital Ivano-Frankivsk, without power. Security experts later said that a sophisticated Trojan horse called Black Energy was used in the hack.

The Ukraine blamed the incident on Russia, but security firms have said that as yet no connection has been found between that attack and the more recent US campaign.

Do you know all about security in 2017? Try our quiz!