On Monday, the ENTSO-E confirmed that its IT network had been intruded into. Fortunately, the office network that was compromised did not have connections to any operational electric transmission system, which means the attack only affected IT systems and not the critical control systems. Lack of evidence thus far has made it difficult to determine what entity may be behind the attack, but a breach of this nature could lead to reconnaissance of supported utility operations or open the door for phishing attacks.
Analyst Notes
Since this breach could simply be a precursor to future attacks, it is important to have solid defense-in-depth strategy in place. This involves a good Endpoint Detection and Response solution (EDR) and appropriate staff to monitor alerts to catch intrusions and help mitigate attacks in progress before they spread throughout a company. Another good defense strategy is to educate employees on phishing attacks and teach them how to spot them. Attackers often take advantage of employees who are not educated on the topic and use it as an initial point of entry into a company’s network. For more information on the breach please visit: https://www.cyberscoop.com/european-entso-breach-fingrid/
