Various organisations in the renewables industry have fallen victim to a campaign of cyberespionage attacks over the past three years
Large-scale cyberespionage, used on numerous occasions to breach organisations' cybersecurity and get hold of their critical data, has not spared the renewable energy industry, which, according to Bleeping Computer, has been subjected to a campaign of large-scale attacks over the past three years. The technology news website reports that as many as 15 recognisable entities around the world have been impacted in different ways by professional hackers.
The campaign of attacks, orchestrated with the aim of stealing the login credentials of employees at these renewable energy companies in order to gain access to the desired information, was run from domains “*.eu3[.]biz”, “*.eu3[.]org” and “*.eu5[.]net”, using phishing techniques focused on compromised websites with Brazilian domains. This wave was discovered by security researcher William Thomas, part of the Curated Intelligence trust group, by using OSINT (open-source intelligence) techniques such as DNS scans and public sandbox submissions.
These analyses revealed that the cyberespionage attacks, whose precise impact on the renewable energy industry is still unknown, were carried out using relatively unsophisticated but effective phishing technology such as the customised “Mailbox” toolkit, together with the aforementioned compromised legitimate websites to host phishing pages. Furthermore, although it is not possible to attribute the campaign to a specific actor, the evidence obtained by Thomas points to two main groups, one being APT28 (FancyBear) and the other Konni (located in North Korea).
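A defender-side check for the indicators named above, written here as an added example rather than anything taken from the article or from the researcher's own tooling: it parses constructed DNS query log lines (the line format is an assumption, not any vendor's) and flags queries for hosts under the three published phishing domains, matching label by label so that look-alike names such as `eu3.biz.example.com` are not flagged.

```python
# Constructed example: flag DNS queries for subdomains of the phishing
# domains named in the article (*.eu3[.]biz, *.eu3[.]org, *.eu5[.]net).
import re
from typing import Iterable

# Domains as published in defanged form; refang by replacing "[.]" with ".".
DEFANGED_DOMAINS = ["eu3[.]biz", "eu3[.]org", "eu5[.]net"]
WATCHLIST = tuple(d.replace("[.]", ".").lower() for d in DEFANGED_DOMAINS)

# Assumed log format (constructed, not any product's): "<ts> <client-ip> query <qname>"
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query\s+(?P<qname>\S+)$")


def is_watchlisted(qname: str) -> bool:
    """True when qname is a subdomain of a watchlisted registrable domain.

    Label-wise comparison, so 'eu3.biz.example.com' does not match and the
    bare apex 'eu3.biz' is not flagged (the campaign used *.eu3[.]biz hosts).
    """
    labels = qname.lower().rstrip(".").split(".")
    for domain in WATCHLIST:
        dl = domain.split(".")
        if len(labels) > len(dl) and labels[-len(dl):] == dl:
            return True
    return False


def scan_dns_log(lines: Iterable[str]) -> list[dict]:
    """Parse log lines and return the hits (timestamp, client, qname)."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        if is_watchlisted(m["qname"]):
            hits.append({"ts": m["ts"], "client": m["client"], "qname": m["qname"]})
    return hits


# Constructed sample lines for a stand-alone run.
SAMPLE_LOG = [
    "2022-03-01T09:12:44Z 10.20.0.15 query owa-login.acme.eu3.biz.",
    "2022-03-01T09:12:45Z 10.20.0.15 query www.example.com",
    "2022-03-01T09:13:02Z 10.20.0.31 query EU3.ORG",
    "2022-03-01T09:13:10Z 10.20.0.31 query eu3.biz.example.com",
    "2022-03-01T09:14:00Z 10.20.0.42 query portal.eu5.net",
    "malformed line",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['qname']}")
```

Running the sample flags only the first and fifth lines; the apex-only query and the look-alike suffix are left alone.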
How does cybersecurity protect against cyberespionage attacks?
Preventing cyberattacks involves having the necessary tools for a powerful security network. Situations such as digitalisation, with the exposure of data that it entails, and new working models, with multiple logins from unknown networks, mean that the security systems we have known up until now are lagging behind.
This is why the data-digitalisation duo needs to become a trio by adding cybersecurity, which involves deploying advanced solutions that guarantee the security of IT equipment and the teams responsible for operational processes. And this applies to any industry.
Ikusi’s cybersecurity solution monitors website traffic by combining security and control mechanisms applied to website browsing, email and cloud applications (SaaS) to reduce risks arising from the use of these platforms, and to protect the organisation and its customers. With these aims in mind, Ikusi, with more than 50 years of industry experience, offers a demo of a solution that protects you with intelligence combating threats on multiple fronts.
This cybersecurity solution inspects traffic and applies policies that restrict access to unauthorised or unsafe websites, blocking unsolicited messages (SPAM) and malicious email attachments. It also detects risks and anomalies in the behaviour of common SaaS applications, such as logins from unauthorised locations or the sending of confidential or sensitive information outside the organisation.
This solution is based on the combined application of best-of-breed tools, such as Cisco Secure Email, blocking ransomware delivered via spam and phishing emails; Cisco Umbrella, making security more visible and detecting compromised systems; Cisco Secure Endpoint, protecting against endpoint ransomware; Cisco SecureX, dramatically reducing dwell time and human-driven tasks; Cisco Secure Access by Duo, preventing adversaries from using stolen credentials to establish a foothold; and Cisco Secure Network Analytics, detecting problems on the network without agents and monitoring online traffic.