Defending SCADA Systems Against Growing Cyber Threat


By Dave Chronister

Cyber threats against the electric grid are escalating dramatically.

According to a new report by Dell Security, cyber attacks on supervisory control and data acquisition (SCADA) systems doubled last year – and they've increased 600% since 2012. As alarming as those statistics are, another key finding is even more troubling: physically disruptive attacks are becoming increasingly common.

In fact, 25% of all cyber incidents last year were a specific type of attack that can flood SCADA systems and shut down mechanical devices, potentially disrupting physical operations.

These attacks are expected to worsen over the next few months and years, and the US is the third most targeted country in the world. The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) similarly found that critical infrastructure attacks are up, the energy industry is the most heavily targeted sector of all (32% of attacks) and "denial-of-service" attacks have become a favorite of attackers.

There are three reasons why sophisticated attacks are occurring more frequently: hacktivists, hackers with ties to foreign governments and organized crime. Electric utilities are a prime target for all three of these groups, whose motivations range from political activism and geopolitics to profiteering, and we should expect these attacks to worsen over the next few years.

Stealthier attacks
Utilities' IT teams are probably most familiar with "phishing" emails and automated probes from "bots" that try to infect their operations. However, these attacks are evolving to become much more sophisticated, targeted and stealthy. In particular, there are two types of attacks utilities must be aware of: "cross-site scripting" and "drive-bys." Without getting into too much technical detail here, both of these attacks use legitimate websites to sneak into a company's network.

How does this happen? A vulnerability in the legitimate website (it could be a well-known industry vendor, a news site, discussion forum, etc.) allows the hacker to either run malicious code or plant malware that infects anyone who visits the site. All a drive-by attack requires is for an employee to visit the infected website. With a cross-site scripting attack, the employee is infected when clicking on a legitimate link sent via email.

Hackers are also more likely to target a utility employee at home, in an effort to steal credentials that may be typed into a home PC or infect removable media like a USB flash drive which the employee brings back to work.

Read the full report at the link below.

Source: intelligentutility.com