- Radware’s latest security report shows the energy sector needs virtual cyber armies to fight state sponsored attacks
- Utilities believe they are most likely to be the victim of professional gangs, hacktivist groups and state sponsored hacks
Radware announces the release of its Global Application and Network Security Report 2015-2016 which highlights that utilities are prime targets as the ‘Internet of Zombies’ takes hold. In the last year, over 90% of companies surveyed experienced a cyber attack. Half of all businesses attacked said they had experienced burst bot attacks, a short but intensive form of automated attack, up from 27% in 2014.
The study shows that 59% of energy suppliers believe the most likely form of attack on their infrastructure will be from professional gangs who are most likely to be motivated by ransoms. The political landscape for 2016 is also causing concern – 48% believe politically motivated hacktivist groups will cause damage, and 37% think campaigns will be state sponsored.
Radware’s Emergency Response Team (ERT), which compiles the report using insight from dealing with attacks, complex analysis of the ‘dark web’ and input from over 300 companies, believes that ‘burst bots’ will be the fastest growing type of attack in 2016. It’s warning the energy sector to ensure it invests in ‘good bots’ to fight the relentless ‘zombie’ style Advanced Persistent Denial of Service (APDoS) bots that professional attackers can leave to run for days, even weeks, at a time.
Adrian Crawley, regional director for Northern EMEA at Radware, believes that as hacking becomes more automated, so utilities will need to find ways to fight the ‘Internet of Zombies’ and must anticipate the state-sponsored attacks that will come their way:
“This year things will change and the first line of defence for energy cyber security will no longer includepeople. As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, CSOs, sometimes in partnership with governments, will need to combine a virtual cyber army with skills. People are simply not equipped to make the decisions quickly enough to fight back on the front line. We are approaching the fall of human cyber defences and the rise of cyber botted-defence. The age of the Internet of Zombies is here and utility providers will need to quickly adapt their approach.”
Understanding how to respond and manage the risks is proving a concern, as over half of utility companies said they had no idea why they were being attacked.
Adrian explains: “Though political hacktivism and ransom were identified as the motive behind a sizeable number of attacks the sector experienced last year, in 56% of the attacks the energy companies had no idea what the motive was. That’s a big blind spot in security planning and leaves critical infrastructure exposed.”
Adrian continues, “As the recent attacks in the Ukraine have shown, well orchestrated hacks can have a dramatic impact very quickly. This sector, particularly in regions of unrest, is likely to see hacktivism and state sponsored attacks escalate. It poses a significant risk to communities and industry and the sector needs to ensure lives are not unnecessarily put at risk from poor security planning. ”
To download the complete Global Application & Network Security Report 2015-2016, which includes the ERT’s predictions and recommendations for how organisations can best prepare for mitigating cyber threats in 2016, please click here.