US Electric Grid Suffers Unexplained DDoS Attack

Uploaded on 2019-05-13 in FREE TO VIEW, BUSINESS-Production-Utilities

A recent cyber disruption to the US grid involved a "denial of service condition" at a Western utility, according to the US  Department of Energy official. On March 5, an unidentified power company fell victim to a "cyber event" that interfered with operations but stopped short of causing blackouts, according to a DOE recent filing.

A DOE official confirmed on May 1st that the event "did not impact generation, the reliability of the grid or cause any customer outages." as reported to the industry journal E&ENews.

But the denial-of-service attack was significant enough for the utility to file an electric disturbance report with DOE, the same forms reserved for major interruptions like storms, physical attacks or fuel shortages.

Denial-of-service, or DOS, cyber-attacks overwhelm target networks with bogus traffic, making it difficult for victim computers to operate normally. Distributed-denial-of-service (DDOS) attacks harness the power of hacked "botnets" of computers to throw at hackers' targets, while rarer telephony-denial-of-service (TDOS) events seek to block incoming and outgoing calls.

In December 2015, suspected Russian hackers used stolen login credentials and a TDOS attack to hit three distribution utilities in Ukraine, briefly cutting the lights to about a quarter-million people in a first-of-its-kind cyberattack.

The March event doesn't appear to be part of such a coordinated hacking campaign, based on the limited information disclosed by DOE and several organizations in the anonymous utility's service area of Utah, Wyoming and Southern California. Still, a malicious cyber event wasn't previously known to have interfered with US grid operations, making the March 5 disclosure significant.

The DOS event took advantage of a known software vulnerability that required a previously published patch to fix, according to the DOE official.

In other words, with a patch in hand, it wouldn't have been difficult for power companies to identify and update any computer systems potentially at risk. DOE didn't clarify which equipment, whether routers, work stations or even phones, were affected by the denial of service.

Denial-of-service attacks frequently target internet-facing devices or services, one record-setting DDOS interrupted access to popular sites like Twitter and Grubhub in fall 2016. 

In order for a DOS to have triggered an electric disturbance alert, it likely would have hit something more significant, but still externally facing, industry sources speculated: perhaps firewalls or routers on the boundary of a grid network.

While a cyberattack on such equipment wouldn't disrupt the flow of electricity, it could force operators to pause or redirect certain activities at affected facilities to allow for an investigation. The Electricity Information Sharing and Analysis Center, the electric sector's hub for getting the word out on the latest threats and vulnerabilities, issued an alert with information to mitigate the threat, according to multiple sources.

The DOS event reflects a concerning uptick in attacks, sophisticated or not, targeting critical infrastructure facilities worldwide, according to Lior Frenkel, CEO and co-founder of industrial cybersecurity firm Waterfall Security Solutions. Tools once exclusively available to nation-state hacking teams have passed into the hands of criminal organisations and the general public, he observed. Grid cyber events like that of March 5 "are bound to happen at an increasing rate," he warned. "Targets need to understand the world has changed."

The utility targeted in the March 5 DOS attack hasn't been identified.State utility regulators in Wyoming, Utah and California have all declined to share additional details or failed to respond to requests for comment.

The Western Electricity Coordinating Council, the regional grid overseer for the four counties listed in the vague DOE filing, said via a spokeswoman that "we do not comment about individual entities."

Federal officials have been similarly tight-lipped. The North American Electric Reliability Corp., which manages the industry's threat information sharing center, has yet to comment on the case, while the Department of Homeland Security deferred comment to DOE. The Federal Energy Regulatory Commission said it was aware of the case but declined further comment.

EENews

You Might Also Read:

America Remains Vulnerable To Cyber Attack:

 

 

« What Can We Do About Increasing Complexity In Cybersecurity?
Has President Trump Lost The Cyber Plot? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Feedzai

Feedzai

Feedzai provide software that uses big data analysis and machine-based learning to prevent fraud in ecommerce.

Ammune.ai

Ammune.ai

Ammune.ai (formerly L7 Defense) helps organizations to protect their infrastructure, applications, customers, employees, and partners against the growing risk of API-borne attacks.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Cybersecurity Competence Center (C3)

Cybersecurity Competence Center (C3)

The Cybersecurity Competence Center was created to further strengthen the Luxembourg economy in the field of cybersecurity.

Internet Infrastructure Investigation

Internet Infrastructure Investigation

Internet Infrastructure Investigation offers a bespoke Internet Governance Solution to your brands online infringement problems.

AEWIN Technologies

AEWIN Technologies

AEWIN is professional in the fields of Network Appliance, Cyber Security, Server, Edge Computing and an ODM/OEM expert.

Drawbridge

Drawbridge

Drawbridge is a premier provider of cybersecurity software and solutions to the alternative investment industry.

Grove Security

Grove Security

Grove provides businesses with the tools that work best for their unique operations, through cybersecurity and cloud services, custom software development and our big data analytics expertise.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

Cyral

Cyral

Easily observe, control, and protect your data endpoints in a cloud and DevOps-first world. Discover Data Mesh Security with Cyral.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Unisys

Unisys

Unisys is a global information technology company providing industry-focused solutions integrated with leading-edge security to clients in the government, financial services and commercial markets.