[BreachExchange] Ameren Missouri Equipment Supplier Targeted In Ransomware Attack

Destry Winant destry at riskbasedsecurity.com
Wed Mar 25 10:22:25 EDT 2020


https://news.stlpublicradio.org/post/ameren-missouri-equipment-supplier-targeted-ransomware-attack#stream/0

Ransomware attackers have stolen data from a third-party vendor that
supplies utility equipment to Ameren Missouri power plants.

Dozens of data files from Ohio-based LTI Power Systems appeared on a
ransomware server in late February, including equipment diagrams and
schematics from two Ameren Missouri facilities. No customer
information appears to have been involved in the data breach.

St. Louis Public Radio obtained copies of the data files, which span
from 1996 to 2017, and involve the Ameren Sioux Power Plant in West
Alton and the Labadie Power Plant.

The files include detailed schematics of uninterruptible power supply
equipment, used to provide temporary backup power during outages.

Joe Scherrer, director of the Cybersecurity Strategic Initiative at
Washington University, said this type of intellectual property can be
a valuable commodity in the cybercriminal marketplace.

“This particular incident is, in my view, all about the theft of
intellectual property and making it available for sale to
nation-states or other companies,” Scherrer said.

This type of data breach has become increasingly common across a wide
range of sectors.

According to the cybersecurity company Emsisoft, ransomware attackers
targeted 966 government agencies, schools and health care providers in
2019, at an estimated cost of $7.5 billion.

Many companies have strengthened their cybersecurity in recent years
and trained employees to recognize phishing scams — one of the most
common ways ransomware attacks gain access to internal systems.

Still, ensuring the security of third-party vendors remains a
challenge, said Scherrer, particularly as attacks become more
sophisticated.

“The attack techniques evolve literally on a day-to-day basis,” he
said. “They’re approaching this as a business, as a revenue generator,
so they’re going to adapt their techniques and procedures to maximize
their returns.”

A spokesperson for Ameren Missouri said the company was investigating
the data breach but added that it has “no reason to believe that the
information obtained is confidential or critical to our operations.”

“In some cases, standard schematics or drawings are shared with
equipment suppliers to support the procurement of certain assets,” the
spokesperson said in an email. “But these do not contain classified or
confidential information.”


More information about the BreachExchange mailing list