77% of U.S. energy companies are vulnerable to ransomware attacks via leaked passwords, report says

More than three-quarters of the nation’s largest energy companies have at least one leaked password online, leaving pipelines and power networks vulnerable to cyberattacks, according to a new report published Tuesday. 

Black Kite, a Boston-based cyber security firm, examined 150 of the largest oil, natural gas and electric companies by market value, and found that a quarter of the nation’s largest energy companies are “highly susceptible” to a ransomware attack. Oil and natural gas operations, in particular, are at the highest risk of a ransomware attack, according to the firm. During this form of cyberattack, hackers gain access to company data and digital operations and hold them hostage until a ransom is paid. 

“At face value, the energy sector has a decent overall security posture. However, when you look under the hood there are areas of concern that make our nation’s energy infrastructure susceptible to crippling ransomware attacks,” Black Kite CEO Paul Paget said. “It is critical that energy providers continuously monitor their systems and partners and view risk from the hacker’s perspective.”

The oil and gas industry is grappling with the growing threat of cyberattacks in the wake of the Colonial Pipeline hack in May, which disrupted gasoline supplies across the Southeast. Hackers called DarkSide used a compromised username and password to access Colonial Pipeline’s network, which was not protected by multi-factor authentication. The Georgia-based pipeline company paid hackers a $4.4 million ransom to regain access to the pipeline. 

The cyberattack on the nation’s largest pipeline underscored how vulnerable the oil and gas industry is to hackers. Other global energy companies, including Norway-based green energy provider Volue and Brazil’s state-owned energy utility Copel, were also hit by ransomware attacks this year. 

President Biden signed an executive order in May to improve the nation’s cybersecurity, protect federal government networks and allow for more information-sharing between the federal government and the private sector on cyberattack issues.  

Black Kite, which provides continuous monitoring for more than 250 clients, found that half of energy companies have a critical vulnerability because of out-of-date systems and nearly three-quarters have not used email security measures to prevent spoofing and phishing attacks. These email spoofing and phishing attacks happen when hackers create realistic-looking but fake email accounts to gain access to company information. 

Nearly 80 percent of power utilities are training employees about safe email use and how to spot cyberattacks; however, a little more than a third of these companies are testing security measures of third-party vendors and establishing security measures to protect their supply chains, Black Kite said. 

The cyber security firm said targeted attacks on oil and natural gas pipelines could result in massive shortages, particularly of gasoline. A ransomware attack on electric utilities would disrupt power networks that sustain homes and businesses. 
