Cyber security
Related Links

Stephen Robinson, Senior Threat Intelligence Analyst at WithSecure, comments on the Schneider Electric ransomware attack, stating, “The attack on Schneider Electric follows a trend of cyberattacks against the energy sector."

He adds, "The energy sector is a popular target for ransomware due to playing a vital role in society's daily functioning – disruption can have far-reaching consequences. Schneider Electric themselves were victims of Lockbit's MoveIT ransomware campaign in 2023, so it is concerning to see them compromised again so soon."

Leveraging data

Stephen Robinson continues, "Energy companies hold huge amounts of PII which not only has value on the dark web but is excellent leverage for cyber attackers when demanding a ransom."

He said, "In addition to this, it was Schneider Electric's Sustainability Business enterprise consulting arm that was compromised. Its customers include mega-companies such as Hilton, Pepsico, and Walmart, and they likely hold sensitive data belonging to these companies."

Cactus ransomware brand

TTPs follow the standard ransomware playbook, making use of well-known tooling and methods"

Stephen Robinson adds, "Schneider Electric is yet to confirm if the Cactus ransomware brand was responsible for the attack, and they have not as yet been listed on the group's leak site, however, Cactus has become increasingly active in recent months."

He continues, "They are a multipoint extortion group that first appeared in March 2023, and their TTPs follow the standard ransomware playbook, making use of well-known tooling and methods. During multiple of their initial attacks in 2023, Cactus gained access to victim networks via vulnerable VPN gateways, often Fortinet VPN instances."

Risk assessments

Stephen Robinson concludes, "The energy sector and other, similar Critical National Infrastructure (CNI) will continue to be a regular target for cyberattacks, especially with the current, heightened geopolitical tensions. In its Annual Review, the UK NCSC warned about the increasing threat towards CNI."

He further said, "Therefore, energy organisations must invest in regular risk assessments and advanced security measures to minimise their attack surface.

Discover how AI, biometrics, and analytics are transforming casino security

Related white papers
Aligning physical and cyber defence for total protection

Aligning physical and cyber defence for total protection

Download
Combining security and networking technologies for a unified solution

Combining security and networking technologies for a unified solution

Download
System design considerations to optimize physical access control

System design considerations to optimize physical access control

Download
Related articles
How physical security consultants ensure cybersecurity for end users

How physical security consultants ensure cybersecurity for end users
How managed detection and response enhances cybersecurity management in organisations

How managed detection and response enhances cybersecurity management in organisations
Drawbacks of PenTests and ethical hacking for the security industry

Drawbacks of PenTests and ethical hacking for the security industry