Stu Sjouwerman
2024-12-17 10:05:00
blog.knowbe4.com
Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024.
Analyzing data from its GreyMatter platform and dark web activity, ReliaQuest found that utilities like water and energy systems are disproportionately affected. Their critical role in infrastructure makes them prime targets for cybercriminals.
Spear phishing emerged as a significant threat, accounting for 81% of alerts in the utilities sector. Within these cases, 31.5% involved spearphishing links, 27.9% internal spearphishing, and 21.5% malicious attachments. “Employees in the sector frequently receive emails from numerous different senders, which may lead to reduced vigilance when interacting with unfamiliar messages, particularly those that appear to come from trusted sources,” ReliaQuest stated.
Additionally, the prevalence of internal spear phishing highlights the risks posed by contractors and third-party vendors closely integrated into utilities’ operations.
Ransomware attacks have also risen dramatically, with 75 utilities being listed on ransomware leak sites during the study period—a 42% increase compared to the previous year. The Play ransomware group alone reported 10 utilities victims, up from just three the year before, marking a staggering 233% jump.
Among ransomware groups, LockBit was the top threat, followed by Play, ALPHV/BlackCat (now defunct), Akira, and 8base. Utilities faced a disproportionately higher number of attacks from these groups compared to other industries.
ReliaQuest attributed this rise to factors like the growing adoption of industrial IoT systems, which often lack regular updates, leaving vulnerabilities open for exploitation. The broader increase in ransomware-as-a-service (RaaS) operations also contributes to the trend.
To combat these threats, ReliaQuest advises utilities to enhance defenses by implementing automated incident response systems and boosting employee security awareness about phishing schemes. Advanced email security systems, capable of detecting and disrupting phishing attempts, can further shield organizations from these pervasive social engineering attacks.
By taking proactive measures, utilities can mitigate the escalating risks to their operational technology (OT) and IT environments, safeguarding critical infrastructure against rising cyber threats. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
ReliaQuest has the story.
Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.
Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.