US Electric Grid Suffers Unexplained DDoS Attack

Uploaded on 2019-05-13 in FREE TO VIEW, BUSINESS-Production-Utilities

A recent cyber disruption to the US grid involved a "denial of service condition" at a Western utility, according to the US  Department of Energy official. On March 5, an unidentified power company fell victim to a "cyber event" that interfered with operations but stopped short of causing blackouts, according to a DOE recent filing.

A DOE official confirmed on May 1st that the event "did not impact generation, the reliability of the grid or cause any customer outages." as reported to the industry journal E&ENews.

But the denial-of-service attack was significant enough for the utility to file an electric disturbance report with DOE, the same forms reserved for major interruptions like storms, physical attacks or fuel shortages.

Denial-of-service, or DOS, cyber-attacks overwhelm target networks with bogus traffic, making it difficult for victim computers to operate normally. Distributed-denial-of-service (DDOS) attacks harness the power of hacked "botnets" of computers to throw at hackers' targets, while rarer telephony-denial-of-service (TDOS) events seek to block incoming and outgoing calls.

In December 2015, suspected Russian hackers used stolen login credentials and a TDOS attack to hit three distribution utilities in Ukraine, briefly cutting the lights to about a quarter-million people in a first-of-its-kind cyberattack.

The March event doesn't appear to be part of such a coordinated hacking campaign, based on the limited information disclosed by DOE and several organizations in the anonymous utility's service area of Utah, Wyoming and Southern California. Still, a malicious cyber event wasn't previously known to have interfered with US grid operations, making the March 5 disclosure significant.

The DOS event took advantage of a known software vulnerability that required a previously published patch to fix, according to the DOE official.

In other words, with a patch in hand, it wouldn't have been difficult for power companies to identify and update any computer systems potentially at risk. DOE didn't clarify which equipment, whether routers, work stations or even phones, were affected by the denial of service.

Denial-of-service attacks frequently target internet-facing devices or services, one record-setting DDOS interrupted access to popular sites like Twitter and Grubhub in fall 2016. 

In order for a DOS to have triggered an electric disturbance alert, it likely would have hit something more significant, but still externally facing, industry sources speculated: perhaps firewalls or routers on the boundary of a grid network.

While a cyberattack on such equipment wouldn't disrupt the flow of electricity, it could force operators to pause or redirect certain activities at affected facilities to allow for an investigation. The Electricity Information Sharing and Analysis Center, the electric sector's hub for getting the word out on the latest threats and vulnerabilities, issued an alert with information to mitigate the threat, according to multiple sources.

The DOS event reflects a concerning uptick in attacks, sophisticated or not, targeting critical infrastructure facilities worldwide, according to Lior Frenkel, CEO and co-founder of industrial cybersecurity firm Waterfall Security Solutions. Tools once exclusively available to nation-state hacking teams have passed into the hands of criminal organisations and the general public, he observed. Grid cyber events like that of March 5 "are bound to happen at an increasing rate," he warned. "Targets need to understand the world has changed."

The utility targeted in the March 5 DOS attack hasn't been identified.State utility regulators in Wyoming, Utah and California have all declined to share additional details or failed to respond to requests for comment.

The Western Electricity Coordinating Council, the regional grid overseer for the four counties listed in the vague DOE filing, said via a spokeswoman that "we do not comment about individual entities."

Federal officials have been similarly tight-lipped. The North American Electric Reliability Corp., which manages the industry's threat information sharing center, has yet to comment on the case, while the Department of Homeland Security deferred comment to DOE. The Federal Energy Regulatory Commission said it was aware of the case but declined further comment.

EENews

You Might Also Read:

America Remains Vulnerable To Cyber Attack:

 

 

« What Can We Do About Increasing Complexity In Cybersecurity?
Has President Trump Lost The Cyber Plot? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Redscan Cyber Security

Redscan Cyber Security

Redscan Cyber Security is a Managed Security Services Provider (MSSP) that enables businesses to effectively manage their information security risks.

International Federation of Robotics (IFR)

International Federation of Robotics (IFR)

The International Federation of Robotics connects the world of robotics around the globe. Our members come from the robotics industry, industry associations and research & development institutes.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Augur Security

Augur Security

Augur Security (formerly SecLytics) is the only cybersecurity platform using AI-powered behavioral modeling and agentic automation to reliably predict and block threats before they launch.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Leadcomm

Leadcomm

Leadcomm is a Brazilian company focused on the distribution and integration of IT systems and security solutions for large companies.

2Keys

2Keys

2Keys designs, deploys and operates Digital Identity Platforms and Cyber Security Platforms through Managed Service and Professional Service engagements.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Eaton

Eaton

Eaton provides comprehensive cybersecurity services for operational technology (OT) to help keep your operations and personnel safe.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

HashDit

HashDit

HashDit products and services focus on helping build a safe ecosystem for both protocol users and smart contract developers on BNB Chain.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

Treacle Technologies

Treacle Technologies

Treacle Technologies are a Cyber Security startup with a focus on Defensive Security.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.

Locket Cybersecurity

Locket Cybersecurity

Locket’s certified students provide pro-bono security audits for small and medium-sized businesses in the Chicagoland area.