UK and Australian energy trading portfolios in attempted hack

Energy One, a supplier of software products and services to wholesale energy, environmental and carbon trading markets in the Asia Pacific and UK and Europe, has put out a statement confirming a cyber-attack affecting corporate systems in the UK and Australia.

Details on affected companies have not been released, although the company is conducting an analysis into potentially affected systems.

Energy One offers solutions and services, managing the “entire wholesale energy portfolio” for customers in energy trading and logistics, serving energy retailers, generators, users, customers and traders, ranging from startups to multinational organisations.

According to the company’s statement, immediate steps were taken to limit the impact of the incident. The company engaged cybersecurity specialists, CyberX, and alerted the Australian Cyber Security Centre and UK authorities.

As part of the company’s efforts to mitigate the effects of the attack, certain links were disabled between its corporate and customer-facing systems.

The company is currently coordinating an ongoing inquiry into, and response to, the incident to determine what information and systems were affected.

Another priority, states the company, is determining the initial point of entry.

Commenting on the incident was Camellia Chan, CEO and co-founder of Flexxon, an AI cybersecurity specialist company, who stated that “the Energy One cyber-attack demonstrates the increasing risk threat actors pose to critical national infrastructure (CNI).”

According to Chan, CNI organisations are prime targets for cybercriminals as their “systems are underpinned by a myriad of complex devices, meaning the consequences if these are infiltrated can be devastating and put real people at risk. For example, SSE supplies gas and electricity to seven million homes and is an Energy One customer.”

Cybersecurity gaps and QR codes

States Chan: “To meet the fast-evolving threat landscape, businesses need to be proactive in assessing security gaps and address those with innovative and proven tools. Using low-level AI at the hardware level in devices, for example, is a game-changer.

“Unlike traditional cybersecurity measures, this robust last line of defence protects against sophisticated attacks while removing the need for human intervention.

“Ultimately, for all organisations, but CNI in particular, cyber security must be an integral part of IT systems. One Energy shows us you can’t afford to have weak spots.”

The announcement of the attack on Energy One comes as cybersecurity has been growing as a concern for those in the energy sector.

In the same week as the Energy One announcement, US-based computer security services company Cofense published an analysis of a large phishing campaign it had observed.

The campaign utilised QR codes targeting Microsoft credentials of users from various sectors; “the most notable target,” states the company in a blog post, “a major energy company in the US, saw about 29% of the over 1,000 emails containing malicious QR codes.”

According to Cofense author Nathaniel Raymond, the energy company was the main focus of the campaign, which sent out phishing emails containing PNG images with phishing links or redirects through a QR code, with the majority of them being Bing redirect URLs.

Raymond states that QR codes can reach inboxes with hidden malicious links. These links can also be embedded into other images to disguise the QR code as an image attachment, or as an embedded image in a PDF file.

“While automation such as QR scanners and image recognition can be the first line of defense, it is not always guaranteed that the QR code will be picked up, especially if it’s embedded into a PNG or PDF file.

“Therefore, it is also imperative that employees are trained not to scan QR codes in emails they receive. This will help ensure that accounts and businesses’ security remain safe,” concludes Raymond.
