Blog Post

Elexon Hit by Cyber Attack

Richard Simmonds • May 15, 2020

Elexon, the administrators of the Balancing and Settlement Code on behalf of the UK electricity industry was hit by a cyber attack on May 14th.

The energy Sector is a Prime target for cyber attacks

According to the electricity system’s administrator, Elexon via a message posted on its website, the company said the incident impacted its internal IT network, employee laptops and its company email server. The attack forced the server to be taken down, cutting employees off from communications.

The energy sector is a prime target for cyber criminals and attacks due to the amount of valuable and sensitive data that is handled. The possibility of causing severe disruption to the nation’s critical infrastructure also makes it an appealing target for hostile state backed attackers.

As a result of the breach, National Grid has launched an investigation to see whether the attack could possibly impact the part of the organisation tasked with keeping the power on.

“Electricity supplies have not been affected, and there were ‘robust cybersecurity measures in place’ to make sure the UK continues to receive reliable electricity. We’re aware of a cyber intrusion on Elexon’s internal IT systems. We’re investigating the matter and any potential impact on our own IT networks,” a National Grid spokesman said.

Elexon has identified the source of the attack saying, ““We have identified the root cause of a cyber-attack and are working to resolve the issue.”

No more details were given.

Ransomware to blame?

According to cybersecurity experts the attack most likely came in the form of a Ransomware attack due to the fact that employees lost all access to their email servers.

Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid.

Due to most ransomware attacks being the result of someone clicking on an infected email attachment or visiting a hacked or malicious website, questions are sure to be raised as to how Elexon fell victim.

The Pandemic is leaving organisations exposed

Practically every employee in every firm in the UK who is able is now working from a makeshift desk on their kitchen table.

The lockdown meant that IT teams over had a few short days to get remote working plans into place.

For organisations that have never done or were prepared for remote working before, this has resulted in employees using personal laptops on unsecured home internet connections that they’re using to access confidential data.

This is a cyber criminal's dream scenario as now they will only need to breach one entry point in order to get to an entire corporate network.

Regular patching is vital to cybersecurity

According to one threat intelligence company, Elexon was running an outdated version of Pulse Secure, an enterprise-level SSL VPN server that allows employees to gain access to the company’s internal networks via the internet.

The threat intelligence company said that warnings had been issued about a major vulnerability in the VPN server as far back as last summer and that Elexon had been running an out of date version.

Regular patching of both software and hardware is a key part of reducing the cybersecurity risks every organisation faces. Attackers rely on businesses failing to keep their software and hardware up to date with the latest security patches.

What’s worse about this attack is that UK and US cybersecurity agencies have sent out multiple warnings over the vulnerability, which is a favourite for hackers to exploit to breach corporate networks and launch ransomware attacks.

Covid-19 pandemic causes 238% surge in number of recorded cyber attacks

With so many people working from home because of the Coronavirus pandemic it makes perfect sense that cyber attackers will be seeking to exploit the situation.

People working from home make a particularly favourable target due to many workers not understanding the cybersecurity basics and having to use more vulnerable routers. As seen with the Elexon breach, unless a VPN is kept to date with the latest security patches they too can be breached.

According to cybersecurity firm Carbon Black, financial organisations and the healthcare sector experienced a massive increase in cyberattack attempts between February and April this year.

In a recently published survey, it was shown that 80% of firms have experienced more cyberattacks over the past 12 months, an increase of 13% year-over-year.