The non-targeted attack caused brief communications outages of less than five minutes at a dozen wind and solar farms belonging to Utah-based renewable energy developer sPower, the biggest private solar power operator in the U.S. The attack was carried out on March 5th, 2019, yet revealed only in September. Fortunately, these outages had no impact on power generation. The failure was the result of multiple firewall reboots spanning a 10-hour period. Wind and solar generation sites pose some unique challenges compared with natural gas, coal or nuclear plants because they rarely have personnel on-site. Because of the lack of on-site personnel, detection and remediation during incident response might take longer.
Continue reading on Gridintel
A new series of phishing attacks was spotted targeting entities in the United States utilities sector in an attempt to deliver the LookBack remote access Trojan (RAT). The first attack was carried out in early August, while the current one was observed between August 21 and August 29. LookBack, which hasn’t been attributed to a specific adversary yet, is a new remote access trojan that uses a proxy mechanism for command and control communication. The phishing emails contained Word documents with malicious macros that were designed to download and execute LookBack. The emails impersonated a licensing body related to the utilities sector, masquerading as Global Energy Certification (GEC). So far, the security researchers have identified at least 17 entities in the US utilities sector that have been targeted by these threat actors from April 5 through August 29, 2019.
Continue reading on Proofpoint
Hackers targeted Airbus suppliers (British engine-maker Rolls-Royce, French technology consultancy and supplier Expleo, and two other French contractors) in an attempt to gain access to Airbus’s entire network. The hackers targeted the VPN which connected these companies to Airbus. The main goal was to steal commercial secrets, including documents related to the engines of the military transport plane A400M. Several sources linked the hackers to the Chinese hacking group APT10 or JSSD, but Beijing rejected the claims. Third-party data breaches rise every year, and it is becoming vital to secure and manage supply chain relationships.
Continue reading on Techerati