Hackers are a threat to credit card information, election data, and now – according to a report from iDefense, an arm of consulting group Accenture – they’ve come for the energy sector.
A sinister-sounding group called Black Ghost Knifefish has been involved with ongoing hacking campaigns aimed at U.S. energy operations since at least 2016. Jim Guinn is the managing director and global cybersecurity leader for the energy sector at Accenture. He says his organization has been following the Black Ghost Knifefish for the last couple years.
The group is potentially tied to Russia but Guinn says it’s difficult to figure out where these attacks originate from. What he does know is that the group is “heavily funded” and they are “targeting critical infrastructure.”
“Financial services, heavy manufacturing, energy utilities,” Guinn says. “That is where most of the target is focused.”
Pipelines, power generation facilities, and distribution and transmission networks are particularly attractive targets for hacker groups. Disruption of these services can have an immediate impact on the regions that rely on them.
Groups like Black Ghost Knifefish gain access by sending emails from known addresses to managers or supervisors of control rooms. They attach a file that appears to be a resume for an engineering position. When the manager opens the file, software is installed that connects the machine to a server. The software can track the manager’s keystrokes and record their passwords and login information. All this information is kicked back to the server, where one of the hackers can watch the data collection in real time. This process of sending the captured data out to the hackers’ server is called exfiltration.
“They’re trying to collect credentials for future espionage,” Guinn says. “And in the worst case to actually cause some sort of outage.”
Guinn says there is cause for concern but not to panic.
“I don’t want to say, ‘The end is coming’ and we don’t want to overstate the problem,” he says. “The reality is that cyber attacks have been going on for many, many years.”
The United States has launched cyber attacks against its adversaries and has also been the victim of these kinds of attacks. Guinn says this kind of warfare lacks visibility.
“This is something that most people don’t even know about,” he says. “They use their smartphone to talk to people or they log in to their computer and they read their email. They don’t really realize what’s happening under the covers of all of that.”
Houston is home to many high-value targets for a cyber attack. Guinn says there have been a number of recent attacks on pipeline companies and their vendors.
“The threats are increasing and they’re becoming more and more known because we’re raising awareness,” he says. “If we all start talking about this more and more, and we start to identify what we can do, and collaborate and share, we might be able to minimize it.”
Written by Jeremy Steen.