Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.
The amount of time that utility networks spend exposed to a known application exploit has spiked over the past two months — something analysts called out as a “concerning datapoint,” and an important reminder that ransomware isn’t the only threat utility networks need to secure against.
A new report from WhiteHat Security measured the amount of time a sector remained vulnerable to a known application exploit out in the wild, a metric they call an industry’s window of exposure (WoE). They found the WoE for the utility sector climbed from 55 percent two months ago to 67 percent last month.
“Application specific attacks are equally prevalent, if not more likely, than ransomware (Colonial Pipeline is fresh in our minds),” the report explained. “Application weakness is an easy backdoor for the installation of ransomware, especially given the high-impact nature of the ransomware in utilities.”
And, ransomware attacks on utilities certainly persist at critical threats. In February, Eletrobras, the largest power company in Latin America, along with electric provider Companhia Paranaense de Energia (Copel), was forced to suspend operations following a ransomware attack.