Why cyber criminals are interested in attacking vital Kan. companies

Bizar Male
A networking router. Brian Grimmett / Kansas News Service

Kansas News Service

Hackers pose a growing threat to nearly any network, including the power grid that lets you reliably turn on the lights.

Experts say utilities offer an attractive target: operations with money to extort and that simply can’t afford a shutdown.

the two largest utility companies in Kansas, Evergy and Kansas Gas
Service, declined interviews on their cyber defenses. Instead, they
issued statements that they take threats seriously. They say they work
with experts and maintain ongoing conversations across their industry to
ward off attacks.

Still, the danger remains that attacks that
shut down the country’s largest fuel pipeline last month and the world’s
largest meat processor — attacks overcome only after combined ransom
payments topping $15 million — could hit electric companies.

“Any electronic device that is attached to the internet is at risk,” said Phil Kirk, regional director for the Cybersecurity and Infrastructure Security Agency.

companies that provide a service that needs to operate uninterrupted
are particularly interesting targets for cyber criminals looking to
steal a company’s information and extort them for a ransom.

response to the latest high-profile attacks, Kansas utilities, large and
small, say they’re doing what they can to keep themselves protected.


hackers typically tap into a corporate or government system, seize
control of its data or even its controls, and demand payment to back
off. It’s not a new kind of attack, but has seen a considerable uptick
in use in the past few years.

A report from the cybersecurity company Palo Alto Networks
says that U.S. companies paid about $115,000 in ransomware attack
payments in 2019. That increased to more than $310,000 in 2020. The 2020
number includes a $10 million dollar ransom payment from Kansas-based tracking and fitness company Garmin.

a ransomware attack in May forced Colonial Pipeline to shut down one of
its major pipelines leading to gasoline shortages on the East Coast. A
Russian-tied hacker group known as DarkSide is linked to the attack that
targeted the company’s financial systems. Colonial paid a $4.4 million
ransom to get its systems back online.

“It’s our belief that paying ransom only encourages more of that malicious activity,” Kirk said.

The FBI has been able to recover about half of the ransom Colonial paid.

How to stay protected

two largest utility companies in Kansas, Evergy and Kansas Gas Service,
said they’re continuing  to train employees on basic cybersecurity
defenses. That includes how to avoid clicking on phishing emails, where
an attacker tries to get someone to click on a link in an email that
actually installs malware on their computer.

“It’s not clear how effective or helpful that is, but we keep trying,” said Josephine Wolff, an assistant professor of cybersecurity policy at Tufts University.

She said keeping a company protected from attacks is difficult, but there are a few things that all of them should be doing.

should be creating backups of all of their important data and
information. And those backups should be on a separate system or network
than the originals. They should also be updating their software as soon
as any update becomes available.

She said another important
component is being able to quickly detect any unusual activity on a
system and having methods to be able to isolate and detach that computer
from the broader network.

“We should never assume that anybody
knows what they’re doing when it comes to cybersecurity,” Wolff said.
“Look at the massive companies that have tremendous resources to invest
in security that are being compromised this way in just the past few

Cyber Insurance

Some companies are turning to cyber insurance to mitigate the costs of a successful attack.

Insurance Information Institute says the number of cyber insurance
policies in the U.S. grew from 2.2 million to 3.6 million between 2016
and 2019. Those policies provide more than $3 billion in coverage.

five or six years ago, not many U.S. companies were buying cyber
insurance,” Loretta Worters, vice president of communications for the Insurance Information Institute
said. “They had a hard time quantifying how high of a risk they faced
and whether or not there was a cost/benefit associated with transferring
some of the exposure to insurers.”

The plans often include coverage to recover the costs of ransom payments. Cybersecurity expert Wolff said that’s a bad idea.

a really damaging trend,” she said. “Because it means that the victims
themselves sort of feel like, ‘Oh, I’ve prepared for this. I’ve got
insurance. I’ll just make this payment. I won’t even have to cover most
of it.’ And that kind of routinizes the whole idea of paying the ransom
as just a normal cost of doing business.”

Ultimately, protecting
against cyber threats such as ransomware attacks is a game of cat and
mouse. Attackers are searching for vulnerabilities as quickly as even
the most careful companies can find them and fix them. And experts say
if the attacks, especially against critical infrastructure, continue to
remain a lucrative prospect, you’ll continue to see their popularity and
impact grow.

“A vulnerability that does not exist today may be
found and taken advantage of tomorrow,” said Kirk, the federal
cyberdefense official. “It’s not a do it once and you’re done thing —
it’s an ongoing continuous effort.”

Brian Grimmett reports on
the environment, energy and natural resources for KMUW in Wichita and
the Kansas News Service. You can follow him on Twitter @briangrimmett or email him at [email protected]

Next Post

Trump was wrong about the law, Obamacare politics and his judges

WASHINGTON — Former President Donald Trump promised to repeal Obamacare, the health insurance program that helped fuel the backlash tea party movement and ultimately his own candidacy. If Trump couldn’t get Congress to do away with the law — and he couldn’t, even with Republicans in control of both chambers […]