Threat Watch

Italian Energy Sector Under Attack

During the past week the Italian multinational oil company Eni suffered what appears to be a ransomware attack. At the time of writing, no information on the threat actors behind the attack or how they were able to gain access to Eni’s systems has been made clear, but that will likely be disclosed as investigations continue. It has been a busy few days for the energy sector of Italy: Gestore dei Servizi, Italy’s energy agency, was breached as well. Mirko Gatto, chief executive officer at the Italian cybersecurity firm Yarix made this statement in an interview, “Ransomware groups are aware that to ensure continuity of services energy companies may be willing to pay large ransom sums in exchange for unlocking the affected systems.” It is unclear whether the two attacks were connected.

ANALYST NOTES

Without an effective recovery plan or protection measures, it’s highly likely the attack on Eni would have been significantly worse. In the today’s threat environment, it is crucial for companies to deploy a defense in depth (DiD) strategy that provides an overlapping series of internal protections. Additionally, it is essential to deploy and regularly test data backups and disaster recovery infrastructure. Keeping secure backups offline in the event of a ransomware or other cyberattack reduces costly disruptions. Security strategies can be complex; it is recommended to considering using an end-point monitoring service like those offered by Binary Defense.

Threat actors breached the network of the Italian oil company ENI