
Second Critical Electricity Network Provider Hacked in 8 Weeks

Second electricity market actor to be hit in eight weeks

By CBR Staff Writer

Elexon, an organisation that is central to the balancing and settlement of the UK electricity market, has been hit by a cyber attack that has knocked out its internal emails. It is the second such worrying incident for Europe’s power market in eight weeks, as malware creeps closer to critical national infrastructure.

The incident, reported on Thursday afternoon, crippled its email server in an attack that bears the hallmark of ransomware. Elexon says its “central systems” were unaffected and that it has identified the “root cause”. Its 100+ London staff are unable to send or receive emails from official addresses.

The company was reported as recently as March to have been running an unpatched Pulse Secure VPN server, according to scans by Bad Packets. Unpatched VPN servers of this kind are currently among the juiciest of targets for cyber criminals.

As US government agencies warned yesterday, “Malicious cyber actors are increasingly targeting unpatched Virtual Private Network vulnerabilities (including) an arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781 [and] an arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510.”


Elexon runs the UK’s balancing and settlement code (BSC).

It also compares “[how] much electricity generators and suppliers say they will produce or consume with actual volumes. We then work out a price for the difference and transfer funds. This involves taking 1.25 million meter readings every day and handling £1.5 billion of our customers’ funds each year.”

The incident comes just two months after the organisation responsible for overseeing the operations of Europe’s high voltage power infrastructure was also hit by a malware campaign. ENTSO-E, formed in 2008, represents 42 Transmission System Operators (TSOs) across 35 member states.

The organisation said tersely on March 9 that it had “recently found evidence of a successful cyber intrusion into its office network.”

Neither Elexon nor ENTSO-E has published further details of the intrusion, initial vector, or malware type. While successful network segmentation appears to have minimised the impact, market observers will be concerned at ransomware attacks creeping ever closer to CNI.

