Currently, TI Safe is responsible for the cyber security of the operating networks of electricity distribution companies that supply 50 million Brazilians, that is, it has a deep knowledge of the risks for the sector and knows how to contain invasion attempts. To help electrical companies deal with this new coronavirus pandemic scenario, in which hackers are increasingly active and taking advantage of current vulnerabilities, TI Safe hosted a webinar on May 07th. It was the first in the series programmed by the company to share technical knowledge and answer questions. “We decided to share perceptions about the increase in cyber attack attempts in the past two months. But, despite the focus being on the electricity sector, we are certain that the other critical infrastructure segments are also facing the same type of problem ”, highlights Marcelo Branquinho, CEO of TI Safe.
Based on the analysis obtained by its ICS-SOC, TI Safe diagnosed that, between February and April this year, there was an increase in the internal traffic of the monitored companies of around 10%. In the same period, the number of calls per service increased by 50%. Thiago Branquinho, CTO at TI Safe, explains that many triggers were related to remote access, which was released to employees by monitored companies, but there were also many requests for enforcement of rules and other security features. “The traffic we see does not follow the pattern. The ICS-SOC team recorded more attempts at cyber attacks. For this reason, we considered that it was time to hold a webinar to alert companies in the sector ”, explains Thiago.
In the evaluation of TI Safe specialists, in addition to all the social-economic-political impact, the new coronavirus is also accelerating the digital transformation in all companies, mainly from telework, but not only through it.
For Marcelo Branquinho, the quarantine is the perfect environment for the hacker who has spent more time attacking companies through fake applications, attacks by PhishingBy ransomware, for fake web domains and information theft. “People and companies are facing a new reality in teleworking. In this environment, we are also seeing an increase in the number of incidents ”.
The assessment of increased attacks was not diagnosed only by TI Safe. Attempts at invasion have increased worldwide. Proof of this is that the American president, Donald Trump declared on May 1 a national emergency because of threats by foreign hackers to the American electrical system. “These attacks changed the profile, they were no longer directed, as they usually did. Now they are attacks with the concrete objective of targeting electricity companies and are carried out by articulated groups with the purpose of making electricity companies unavailable ”, evaluates Marcelo.
The CEO of TI Safe notes that these attacks typically start with the Information Technology (IT) network and then expand into the Automation Technology (TA) network. Depending on the security of the IT network, the attack can be stopped. But even if IT is able to block the attack, the fact that the attacker reaches this network is already a concern. “In IT, information such as customer database, billing information, service records for the population are allocated”, explains Marcelo. An attack on the IT network, in his opinion, however, is not the worst that can happen. “When IT is reached, services for the population may be unavailable for a while, billing can be harmed, but if it arrives at the TA - which is an operating network and the core business of an electric company - then the damage can be great ”, he evaluates. According to the expert, if the supervisory servers; network control and supervision operations; and substation controls are encrypted and dominated by hackers, large scale blackouts can occur.
And how can companies in the electricity sector have structured protection for their type of business? TI Safe has prepared a list of 11 key guidelines. Check out the webinar: "The increase in attacks against energy companies in Brazil in the pandemic ”