{"id":7334,"date":"2021-12-14T09:57:29","date_gmt":"2021-12-14T17:57:29","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7334"},"modified":"2021-12-14T09:58:30","modified_gmt":"2021-12-14T17:58:30","slug":"public-utilities-in-the-cyberthreat-bullseye","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/public-utilities-in-the-cyberthreat-bullseye\/","title":{"rendered":"Public Utilities in the Cyberthreat Bullseye"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Public utilities remain in the bullseye for cyberattackers. This past week, the Delta-Montrose Electric Association (DMEA) disclosed that it had discovered an internal network breach on November 7, 2021. Earlier this year the rural Alabama electric cooperative, Wiregrass Electric Cooperative, also experienced a ransomware attack. This is part of an ongoing wave of attacks upon public utilities, and it is one that will likely continue to increase over time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What we\u2019ve seen over time is a dangerous convergence and alignment of threat actors against our public utilities. These are clearly high value targets both for organized crime (financial extortion) and nation-states that seek to promote their policies through the threats they can successfully leverage against public utilities.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Some of the attacks have been highly dangerous. In 2015 we witnessed a dangerous nation-state sponsored cyberattack which brought down the power for hundreds of thousands of homes in the Ukraine. These are the very real threats faced by public utilities today. 
Many nation-state threat actors have likely stored away carefully acquired zero-days necessary to launch future attacks against public utility infrastructure.\u00a0<\/span><\/p>\n<h3><b>The DMEA Electric Association Ransomware Attack<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Just this past month, DMEA discovered a targeted effort to access portions of its internal network system by an unauthorized third party. As a result, DMEA lost 90% of internal network functions, and a good portion of their data, such as saved documents, spreadsheets, and forms, was corrupted. It also impacted DMEA phones and emails.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Fortunately, the DMEA power grid and fiber network remained unaffected by the incident. Some news sources have noted that the attack seems to have been caused by file-oriented ransomware, although no specific type of ransomware has been called out just yet. If it was ransomware, then the motivation was clearly financial and the actor more likely organized crime.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DMEA has a good playbook in place for response, and they have benefited from this preparation. DMEA engaged immediately with cybersecurity experts and other important government resources brought in to assist in investigating the scope of the incident and to better understand the impact on DMEA and DMEA membership. That investigation is still ongoing at this time.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The restoration of networks and normal operations will take DMEA time. DMEA estimated that member payments can begin during the first week or so of December. This includes payments via SmartHub and payment kiosks. They also expect to resume member billing in roughly the same timeframe. 
DMEA suspended all penalty fees and disconnections for non-payment through January 31, 2022.\u00a0<\/span><\/p>\n<h3><b>The Rural Alabama Wiregrass Electric Cooperative Ransomware Attack<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Earlier this year, the Wiregrass Electric Cooperative was recovering from a ransomware attack that required both member account information and payment systems to be taken offline for maintenance. During this maintenance period, the disconnection of prepaid accounts that reach a zero balance was suspended. Remediation required a detailed review of every server, every laptop, and every computer.<\/span><\/p>\n<h3><b>The Convergence of Attacks on Public Utilities &#8211; A Walk Through Time<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Let&#8217;s go to ground zero to get a sense of where we are headed. History perhaps shines a light on the blueprint for the future. Going back to March 2007, the U.S. government Department of Energy sponsored a test called the Aurora Generator Test. The purpose of the test was to demonstrate how a carefully targeted cyberattack could physically destroy components within the electric grid. <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=fJyWngDco3g\"><span style=\"font-weight: 400;\">This video<\/span><\/a><span style=\"font-weight: 400;\">, obtained under the Freedom of Information Act by a major news service, was subsequently posted on YouTube and shows the test.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A 27-ton, 2.25-megawatt power generator was set up within a test chamber at the Idaho National Laboratory. In order to start the test, one technician entered 21 lines of malicious code via a digital relay. 
The code, in turn, opened a circuit breaker in the generator\u2019s protection system, and then rapidly closed it which created a non-recoverable synchronization fault.\u00a0 Initially, you can see parts come loose and fly off the generator.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In <\/span><a href=\"https:\/\/www.youtube.com\/watch?v=fJyWngDco3g\"><span style=\"font-weight: 400;\">the video<\/span><\/a><span style=\"font-weight: 400;\"> you can see the shaking as housings crack, and the unit belches smoke, bursts into flames, and then ceases to function. The Aurora test was an early proof point for what the Government expected to see in the future as the internet developed, and as current and future adversaries emerged. Well, it is here now. No one should be surprised.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Many of the techniques that would be used today are based upon many of the same principles. Stuxnet evolved these further, though not in the service of an attack on a public utility, but instead an attack on thousands of Iranian centrifuges within a highly protected underground complex.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As time passed, utilities continued to remain in the spotlight. In 2017 threat actors stepped up again. Rather shamelessly, a new threat actor, Xenotime, seems to have specialized in the compromise of industrial safety systems.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Xenotime, as some of us may recall, is the threat actor behind the 2017 Trisis\/Triton malware attacks and likely the cause of others. In 2017 Xenotime rose to visibility when Dragos and FireEye jointly published details of the Trisis\/Triton attack in which they targeted Schneider Electric\u2019s Triconex safety instrumented system. 
The malware used caused multiple industrial systems in a Middle Eastern facility, believed to be in Saudi Arabia, to shut down.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Xenotime appeared to target the Triconex industrial safety technology made by Schneider Electric SE in what seems to have been a state-sponsored attack. The computer security company Symantec claimed that the malware, known as \u201cTriton\u201d, exploited a vulnerability in computers running the Microsoft Windows operating system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s be crispy clear. The goal of an industrial safety system is to provide safety. This is done by providing error-free, fault-tolerant control of industrial systems, usually through the use of totally redundant command and control modules. Simply put, the targets of Xenotime are centered around the compromise of safety systems. This implies that significant damage and the loss of human life were considered as goals or likely fallout from the attack. Safety systems are there to protect people; the compromise of these systems is designed to potentially hurt people. When these are compromised, the resulting failure can lead to widespread destruction, explosions, and other hazards depending on the infrastructure being safely controlled.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Every day and every month threat actors, some nation-state supported, continue to align their time and resources against public utilities around the world. 
The sophistication and capability of these threats, whether driven by ransomware or by sophisticated software designed to compromise the process control infrastructure common to many utilities, continue to increase.<\/span><\/p>\n<h3><b>DNS is an Essential Part of Your Defense<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">It&#8217;s tough out there now.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You need a full security stack for your clouds, your on-premises resources, your IoT and related process control components, and your remote workers &#8211; a critical part of this stack is DNS security.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS is in the kill chain in the great majority of attacks. Sooner or later, malware tools must reach back to command &amp; control, and DNS is used as a covert communication channel for this purpose. In some cases, attackers use malicious domains and IP addresses that could already have a reputation and may be identified by threat intelligence. In many other cases the behavior of DNS queries, in context, can provide the critical clues you need to identify and stop the attack.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS is ubiquitous and frequently used by attackers for malware infiltration and data exfiltration. Standard security controls and technologies such as next-gen firewalls, IPS, and gateways generally do not inspect DNS to detect malicious communications. Much of the time they are unable to prevent specific attacks such as DNS data exfiltration. 
Most importantly, they are not able to detect the subtleties of newly created malicious addresses and domains.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Infoblox <\/span><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">BloxOne Threat Defense<\/span><\/a><span style=\"font-weight: 400;\"> gives public utilities&#8217; information technology and security teams the ability to leverage DNS to improve their security posture. DNS security provides the highest visibility into malicious activity so that the cyberattackers can be detected and shut down early in the kill chain of events.<\/span><\/p>\n<h3><b>Rewards for Justice Reporting<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The problem is well understood, and the Feds have stepped up to help the state and local governments that often control these public utilities. At this time, the U.S. Department of State\u2019s Rewards for Justice (RFJ) program offers a reward of up to $10 million for reports of foreign government malicious activity against U.S. critical infrastructure, including many types of public utilities. See the <\/span><a href=\"https:\/\/rewardsforjustice.net\/english\/malicious_cyber_activity.html\"><span style=\"font-weight: 400;\">RFJ website<\/span><\/a><span style=\"font-weight: 400;\"> for more information on how this can work.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Public utilities remain in the bullseye for cyberattackers. This past week, the Delta-Montrose Electric Association (DMEA) disclosed that it had discovered an internal network breach on November 7, 2021. Earlier this year the rural Alabama electric cooperative, Wiregrass Electric Cooperative, also experienced a ransomware attack. 
This is part of an ongoing wave of attacks upon [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":7172,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[444,580,616,288,30],"class_list":{"0":"post-7334","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-utilities","9":"tag-cyber-threat","10":"tag-dmea","11":"tag-ransomware","12":"tag-dns","13":"entry"},"acf":[],"yoast_head_json":{"title":"Public Utilities in the Cyberthreat Bullseye","canonical":"https:\/\/www.infoblox.com\/blog\/security\/public-utilities-in-the-cyberthreat-bullseye\/","og_site_name":"Infoblox Blog","article_published_time":"2021-12-14T17:57:29+00:00","article_modified_time":"2021-12-14T17:58:30+00:00","author":"Michael Zuckerman"}}