Phishing Becomes Mobile Management Nightmare
- Nov 16, 2021 12:21 pm GMT
Hackers think they have found an easy way into energy company networks: mobile phishing attacks, which increased a whopping 161% since April 2021, according to Lookout. As a result, utilities need to take steps to protect their mobile devices and enterprise networks.
Phishing is a form of malware that tries to trick employees into clicking on bogus links, which are disguised as legitimate correspondence, such as emails from coworkers or customers. Once inside, the bad guys attack in various ways. They steal credentials, compromise systems, and move around horizontally and vertically within your organization’s technology infrastructure looking for sensitive data that they can sell to other crooks.
Phishing expeditions are often coupled with ransomware attacks. Here, the criminals take over a company’s computer systems, hold them hostage, and demand payment in order to set them free.
The type of attack has been changing. Initially, phishing attacks were conducted via email. Recently, mobile devices have become the primary delivery mechanism. Here, the crooks send phishing links through any mobile application that has communications functionality.
Phishing and ransomware have been effective and have found their way into even the largest, most sophisticated energy companies’ computer systems. In April, Colonial Pipeline fell victim to phishing and ransomware attacks and paid hackers $4.4 million to regain control of its systems.
That success seems to have triggered a wave of copycat attacks. The Lookout survey found that energy providers encounter mobile phishing threats at twice the rate seen in other industries: 8% of their systems have been attacked.
Close Security Holes
Mobile systems are attractive because users are not security experts. In addition, internal technology teams may not spend as much time securing mobile devices as other systems. The reality is that any mobile application, including remote service and fleet management systems, can have significant security and compliance ramifications, whether through the permissions it requests, the Software Development Kits it uses, or the vulnerabilities in various business applications.
Energy companies need to take a few steps to remediate the potential security problems. First, they need to be aware of how widespread these attacks are. Then, they must invest in security solutions that help them identify when outsiders try to get into their systems and put checks in place to keep them out.
Security is only as strong as its weakest link, which in this case is employees. So in addition, companies need to educate employees not only on what phishing is but also on the steps to take to avoid falling victim to the ruse.
Such initiatives require funding to be effective. Consequently, management needs to understand what the challenge is and then be willing to invest in products and training to address it.
Securing mobile devices has become more difficult recently because of a rise in phishing and ransomware attacks. Utilities have become prime targets for these tricks. As a result, utility management must recognize the problem, invest in solutions that recognize and thwart the malware, and train employees to recognize these attacks. If not, they, like Colonial Pipeline, may become the hackers’ next victim.