On Tuesday, energy generator CS Energy, which is owned by the Queensland government, fell victim to a ransomware attack that impacted operations. The incident occurred over the weekend and is the latest cyber threat to target critical infrastructure.
According to the organisation's announcement, the incident occurred on CS Energy's corporate network and has not impacted electricity generation at its Callide and Kogan Creek power stations. Both power stations are continuing to generate and dispatch electricity into the National Electricity Market.
CEO Andrew Bills said CS Energy's focus was on restoring the security of its network and on supporting employees, customers and business partners with any questions they may have.
“CS Energy moved quickly to contain this incident by segregating the corporate network from other internal networks and enacting business continuity processes,” Mr Bills said.
Commenting on the news, Robert Golladay, EMEA and APAC director at Illusive, said:
“While we don’t yet know what the attackers were after, we do know that we are experiencing a (seemingly) never-ending and higher-frequency number of ransomware attacks. All ransomware attacks are characterised by two ‘signature’ moves once they breach a network: exploiting privileged identities and moving laterally in the network. And this type of attack is exploding because it works – critical national infrastructure is seen by these criminals as easy money. Power plants such as these can’t afford to experience any downtime, which increases the likelihood that they will pay the ransom in order to restore operations. With that said, these ransomware attacks are preventable. The current approach to ransomware defence tends to be a passive one. Companies are (rightly so) using Endpoint Detection and Response (EDR), patching, backing up regularly, and protecting an increasingly hard-to-define perimeter. But we have to go further — attacker creativity, shared tactics and resources require an equally creative, proactive and imaginative set of tactics.
Identity risk has to be managed, and organisations should be continuously discovering and remediating exploitable identity risks. And for that part of the network where this is impossible, deploying deception technology is a requirement in any modern security strategy. And in so doing, we stop attacks in their tracks.”
Andy Norton, European cyber risk officer at Armis, added:
“In recent months, ransomware attacks targeting critical infrastructure have exhibited the intensifying threat of ransomware to operational technology (OT) assets, control and cyber-physical systems. In fact, the attack surface organisations have to worry about these days is bewildering.
OT components are increasingly connected to information technology (IT) networks, offering a path for cyber actors to pivot from IT to OT networks. Given the prominence of critical infrastructure to national security, protecting it from unintended business consequences, safety and environmental disasters, and significant monetary loss due to outages has a far greater impact on society.
Accessible OT assets are a striking target for malicious cyber actors seeking to disrupt critical infrastructure for profit or to advance geopolitical objectives. As demonstrated by recent cyber incidents, intrusions affecting IT networks can also have catastrophic, cascading effects on critical operational processes. Critical infrastructure asset owners and operators should adopt a heightened state of awareness and proactive measures to protect cyber-physical infrastructures.”