Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Ransom hackers are hitting climate data | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | #hacking | #aihp

The attack on Schneider illustrates a new vulnerability for companies already facing pressure from regulators and shareholders to track and curb their emissions. Businesses are compiling more energy and climate data than ever before, which have the potential to reveal sensitive details of their operations and embarrassing facts about their environmental footprint. And they’re often sharing it with a proliferation of third-party accounting and consulting firms: Schneider itself is developing decarbonization plans for at least one-third of the Fortune 500. Climate data needs a security upgrade, or companies’ willingness to tackle their emissions could be curtailed.

The basic strategy of a ransomware attack is to siphon up data and threaten to release it unless a payment is made. Firms like Schneider that have access to other companies’ data are an especially rich target, because of the potential loss of business that could result from a leak, and because the compromised data could hold keys to facilitate follow-up attacks at the other companies, said Nick Biasini, head of outreach at the cybersecurity firm Cisco Talos.

In addition to standard financial and personal data that may have been compromised, energy data is an especially sensitive Achilles’ heel. It can be read as a proxy of a company’s finances, could give away trade secrets, and could make it easier for hackers to identify future targets in the real world. Energy infrastructure is one of the most common targets of hackers, and according to security firm Sophos, the sector most likely to pay a ransom because of how damaging and costly interruptions can be. That point was driven home by the 2021 hacking of the Colonial Pipeline company, which paid a $4.4 million ransom within hours after hackers shut down one of the biggest U.S. oil pipelines. The recent attack was not the first time Schneider was targeted, either: The company was also hit during a wave of ransomware attacks last year that included at least two other large energy companies, Shell and Siemens Energy.

Risks are growing as more energy and climate data is aggregated, Biasini said.

“It might be fine to share emissions data with your accountants or whomever, but just realize that the more people who have eyes on it, there’s an increased likelihood of data leaks,” he said. “And now there’s an added layer because you have criminals whose job it is to actively find and leak this data.”

The risk of climate data hacking is leading some consulting firms to become more vigilant about cybersecurity. A spokesperson for Watershed, an emissions-tracking startup, said it is proactively tracking efforts by hackers to target climate data, and taking steps including “strong access controls, network segmentation, vulnerability scanning, and enforced security policies via mobile device management” to mitigate the risk. Hackers only need to get lucky once to gain a huge amount of leverage, Biasini said, and once a ransomware attack happens, there’s not much a company can do except to pay up.


Click Here For The Original Story From This Source.


Click Here For The Original Source.