[BreachExchange] EDP data breach highlights need for cybersecurity

Destry Winant destry at riskbasedsecurity.com
Mon Apr 27 10:08:42 EDT 2020


EDP, which had a revenue of almost €17.5bn in 2018, is being extorted
by cybercriminals for 1,580 BTC (Bitcoin - a value of €9.9mn). Using
‘RagnarLocker’ ransomware, the attackers have encrypted the company’s
systems and rendered them unusable.

The compromise of EDP’s systems is of great significance for the
global energy market - it is one of the largest electricity and gas
providers in Europe, as well as the fourth-largest producer of wind
energy in the world.

Defending against ransomware

With over 11mn customers in 19 countries on four continents, the scale
of the attack is of truly international significance. So far, the
perpetrators have threatened to leak 10 TB of sensitive information if
their demands are not met.

Rob Fitzsimons, field applications engineer at Telesoft, a firm
specialising in cybersecurity, said that EDP’s predicament underscores
the necessity for robust digital defences, particularly as more and
more people work remotely.

“EDP’s span is so vast that suffering a data breach would have huge
ramifications for its reputation. That’s why it and other critical
national infrastructure suppliers are prime targets.”

Whilst conceding that paying the ransom can be tempting, Fitzsimons
strongly urges against taking this action: “Of course, there’s no
guarantee that hackers will unencrypt data once ransoms have been paid
– these aren’t typical business transactions governed by ethics.”

The sophistication of modern malware is such that it can easily pass
unnoticed at the point of infection if due diligence is not
exercised. Because of this, Fitzsimons states that employers and employees
must coordinate a security strategy as the first line of defence.

“Defending against ransomware, particularly a highly targeted strain
such as RagnarLocker which undertakes comprehensive reconnaissance of
its targets before it’s actually deployed, necessitates complete
visibility into network traffic.

“Any irregular activity, no matter how seemingly insignificant, could
be malicious actors carrying out the groundwork for future attacks, so
they must be investigated,” he said.

Making a cybersecurity plan

In a previous article, Energy Digital explored Siemens’
recommendations for enhancing cybersecurity for remote workers. With
remote working now a dominant trend for contemporary workforces because
of the COVID-19 pandemic, companies need to ensure that staff are
adequately prepared:

Secure connections: Knowingly giving access to strictly confidential
or important systems to workers who cannot guarantee security is
unacceptable, therefore companies must carefully assess what plant
operators require access to in order to mitigate the risk of

Monitor anomalies: Because remote working is currently outside general
‘normal working conditions’, it may be difficult to differentiate
between a cyberattack and legitimate operator usage. Careful
monitoring of the system will help to establish a baseline to measure

Prepare an incident response plan: Workers may be off-site, ill or
otherwise not able to respond in their normal capacity during a
cyberattack event. Plants must factor in these changes and alter
response plans accordingly.

“While the COVID-19 crisis makes these steps urgent, several long-term
trends that pre-date the pandemic will drive similar changes,”
Simonovich states.

These changes will include new operating models, automation and
advanced training for remote workforces. Due to the unknown length of
the current pandemic and its effect on global lifestyles, companies
should prepare for these changes over the long-term.
