Threat Intelligence
Essential Reading
Ransomware Targeting Energy and Utilities
Colonial Pipeline shut a 5,500-mile fuel pipeline after a single IT ransomware infection
Nation-State Threats to the Power Grid
CISA warned in 2023-2024 that Volt Typhoon had pre-positioned inside US power and water critical national infrastructure (CNI)
Industroyer and CrashOverride
Industroyer caused a 2016 Kyiv blackout; Industroyer2 was deployed against the grid again in 2022
Further Reading
Triton / TRISIS
Triton/TRISIS targeted plant safety systems in 2017, the first malware aimed at enabling physical harm
Phishing and Stolen Credentials
Colonial Pipeline was breached via one compromised VPN password with no multi-factor authentication
Insider Threat in the Energy Sector
A former water-utility employee remotely accessed plant controls in 2021 using credentials never revoked
Supply-Chain and Firmware Attacks on RTUs, PLCs and ICS
The 2020 SolarWinds update compromise reached thousands of organisations, including critical infrastructure
Smart Meter and AMI Attack Surface
The UK smart meter rollout has placed tens of millions of connected devices at the grid edge