This special interest group covers mobile technologies and approaches that are helping utilities do business today. 

Post

Phishing Becomes Mobile Management Nightmare

image credit: Photo 5032291 © Yanik Chauvin | Dreamstime.com
Paul Korzeniowski's picture
B2B Content producer Self-employed

Paul is a seasoned (basically old) freelance B2B content producer. Through the years, he has written more than 10,000 items (blogs, news stories, white papers, case studies, press releases and...

  • Member since 2011
  • 1,285 items added with 424,179 views
  • Nov 17, 2021
  • 134 views

Hackers think they have found an easy way into energy company networks: mobile phishing attacks, which increased a whopping 161% since April 2021, according to Lookout. As a result, utilities need to take steps to protect their mobile devices and enterprise networks.

Phishing is a form of malware that tries to trick employees into clicking on bogus links, which are disguised legitimate correspondences, such as emails from coworkers or customers. Once inside, the bad guys attack in various ways. They steal credentials, compromise systems, and move around horizontally and vertically within your organization’s technology infrastructure looking for sensitive data that they can sell to other crooks.

Your access to Member Features is limited.

Phishing expeditions are often coupled with ransomware attacks. Here, the criminals take over a company’s computer systems, hold them hostage, and demand payment in order to set them free.

The type of attack has been changing. Initially, phishing attacks were conducted via email. Recently, mobile devices have become the primary delivery mechanism. Here, the crooks send phishing links through any mobile application that has a communications functionality.

Phishing and ransomware have been effective and have found their way into even the largest, most sophisticated energy companies’ computer systems. In April, Colonial Pipeline fell victim to phishing and ransomware attacks and paid hackers $4.4 million to regain control of their systems.

That success seems to have triggered a wave of copycat attacks. The Lookout survey found that energy providers encounter mobile phishing threats at twice the rate seen in other industries: 8% of their systems have been attacked.

Close Security Holes

Mobile systems are attractive because users are not security experts. In addition, internal technology teams may not spend as much time securing mobile devices as other systems. The reality is that any app in mobile application, including remote service and fleet management systems, can have significant security and compliance ramifications, whether it’s the permissions they request, the Software Development Kits they use, or the vulnerabilities in various business applications.

Energy companies need to take a few steps to remediate the potential security problems. First, they need to be aware of how widespread these attacks are. Then, they must invest in security solutions that help them identify when outsiders try to get into their systems and put checks in place to keep them out.

Security is only as strong as its weakest link, which in this case is employees. So in addition, companies need to educate them not only on what phishing is but also take steps to not make themselves victim to the ruse.

Such initiatives require funding to be effective. Consequently, management needs to understand what the challenge is and then be willing to invest in products and training to address it.

Securing mobile devices has become more difficult recently because of a rise in phishing and ransomware attacks. Utilities have become prime targets for these tricks. As a result, utility management must recognize the problem, invest in solutions that recognize and thwart the malware; and train employees in recognizing these attacks. If not, they, like Colonial Pipeline, may become the hackers’ next victim.

 

Paul Korzeniowski's picture
Thank Paul for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »