Many believe clean and renewable energy is the future of the energy sector, and it continues to expand everyday. It's also a great target for threat actors because of this.
Everyone understands the benefits of things like solar power and wind power. They have the potential to combat the looming threat of climate change. But what happens on a cloudy day? What happens when there's no wind?
Or worse, what happens if there's a cybersecurity incident?
Vestas shuts down IT systems amid cyber incident
Vestas, a Danish wind energy company that operates over 40,000 wind turbines in North America, was recently the victim of a cyberattack that forced the company to shutdown some of its IT systems and compromised some data.
Here is part of the statement the company made upon learning of the breach:
"Vestas has on 19 November 2021 been impacted by a cyber security incident. To contain the issue, IT systems are shut down across multiple business units and locations.
As part of our crisis management setup for cyber security, we are working together with our internal and external partners to contain the issue fully and recover our systems."
Two days later, Vestas also provided an update on the situation:
"The company's preliminary findings indicate that the incident has impacted parts of Vestas' internal IT infrastructure and that data has been compromised. At this stage, the work and investigation are still ongoing.
However, there is no indication that the incident has impacted third party operations, including customer and supply chain operations. Vestas' manufacturing, construction and service teams have been able to continue operations, although several operational IT systems have been shut down as a precaution. Vestas has already initiated a gradual and controlled reopening of all IT systems."
CISA warns of cyber incidents over holidays
While it is important to consider the types of organizations that are likely to be targets for threat actors—such as those in the energy, healthcare, and financial sectors—it's also important to consider the timing of attacks.
SecureWorld recently covered a story of how threat actors were using corporate milestones, such as mergers and acquisitions, as opportune times to attack.
Now, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) put out a reminder to critical infrastructure to "stay vigilant" on upcoming holidays and weekends:
"As Americans prepare to hit the highways and airports this Thanksgiving holiday, CISA and the Federal Bureau of Investigation (FBI) are reminding critical infrastructure partners that malicious cyber actors aren’t making the same holiday plans as you. Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure."
CISA and the FBI also encourage organizations to re-examine their current cybersecurity posture, as well as to take these specific steps:
- "Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack."
- "Implement multi-factor authentication for remote access and administrative accounts."
- "Mandate strong passwords and ensure they are not reused across multiple accounts."
- "If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored."
- "Remind employees not to click on suspicious links, and conduct exercises to raise awareness."
Resource
Listen to the SecureWorld Sessions podcast episode, A Cyber Mercenary Investigation:
