Hopefully, they are trying to prevent this. But nonetheless, it's worrisome to think they aren't doing enough. And the means of attack is predominately through phishing. We've heard of several municipalities that were victimized by this type malware. Are utility employees keen enough to avoid becoming a patsy for hackers?
The bad news is in the Wall Street Journal. Utilities Targeted in Cyberattacks Identified. Here's a rather long excerpt:
More than a dozen U.S. utilities that were targets in a recent wave of cyberattacks have been identified by The Wall Street Journal. Some of the utilities, most of which are relatively small, are located near dams, locks and other critical infrastructure.
These electricity providers were singled out in a hacking campaign that was brought to light in August by researchers at a Silicon Valley cybersecurity company. But little was known about the attacks until now.
The Federal Bureau of Investigation is probing the attacks and has contacted some, but not all, of the utilities, according to some of the utilities. It is possible that the hacking campaign is ongoing, according to security researchers.
Utilities said the FBI provided information that helped them scan their computer networks to see if firewalls—their first-line defenses—had been probed and whether malware-laced emails had been sent to their employees. The FBI declined to comment.
The targeted utilities, which operate in 18 states from Maine to Washington, include Cloverland Electric Cooperative in Michigan, which sits next to the Sault Ste. Marie Locks, a critical juncture for the transport of iron ore to U.S. steel mills; Klickitat Public Utility District in Washington state, which is near major federal dams and transmission lines that funnel hydroelectricity to California; and Basin Electric Power Cooperative in North Dakota, one of the few utilities that is capable of delivering electricity to both the nation’s eastern and western grids.
The hackers attempted to get malware installed on utility computers through “phishing” emails that trick recipients into opening them. The embedded malware, which in this case has been dubbed “Lookback,” could give attackers the ability to take control of victims’ computers and steal information.
Here's the list of utilities affected:
Wisconsin Rapids Water Works and Lighting—Contacted by FBI
ALP Utilities, Minn.—Contacted by FBI
Cowlitz County Public Utility District, Wash.—Contacted by FBI
Flathead Electric Cooperative, Mont.—Didn’t provide details
Basin Electric Power, N.D.—Didn’t provide details
Klickitat Public Utility District, Wash.—No FBI contact
Cloverland Electric Cooperative, Mich.—Contacted by FBI
Brownsville Public Utilities Board, Texas—Contacted by the FBI
Utilities Commission of New Smyrna Beach, Fla.—Contacted by the FBI
Rochester Public Utilities, Minn.—No FBI contact
Tucson Electric Power, Ariz.—Declined to comment
Emera Maine—Declined to comment
Tri-County Electric Cooperative, S.C.—Couldn’t be reached for comment
Should we all be preppers so we could endure a long blackout?
------
3:15 PM 11/25/2019
Comments