One of the largest daily newspapers in Germany, SZ (Süddeutsche Zeitung), published an article last Thursday stating that Russian threat actors had "infiltrated the networks of at least two energy providers in Germany."
According to the article, which says the information was confirmed by three independent sources, the Russian group, known as Sandworm, is the same one that attacked the Ukrainian electric grid in 2015 and 2016.
Phil Neray, VP of Industrial Cybersecurity for CyberX, a critical infrastructure security firm based in Boston, comments: “This latest news shows that Russian threat actors have expanded their critical infrastructure targets beyond the Ukraine – and beyond the US – to include western Europe. It's not surprising given Russia's stated strategy of leveraging cyber to exert its geopolitical muscle on the global stage. The recent FBI/DHS alert confirmed that Russian cyberattackers have successfully compromised US critical infrastructure since at least 2016.
“Industrial control networks are notoriously insecure. According to CyberX's 'Global ICS & IIoT Risk Report,' which analysed traffic data from 375 production industrial control networks worldwide, 60% of industrial sites are still using plain-text passwords and three of four are still running outdated versions of Windows like Windows XP and Windows 2000.
“Industry best practices suggest that continuous monitoring with behavioural analytics is a key way to identify and stop these attacks during the early cyber reconnaissance stage – before attackers can launch more destructive or disruptive attacks like the ones we've seen in both the Ukraine and Saudi Arabia.”
Read the article online at: https://www.worldpipelines.com/business-news/08052018/cyberx-comments-on-german-cyber-attacks/