We’re excited to introduce our latest threat landscape report on the utilities sector, offering fresh insights into the evolving cyber threats facing the industry.

In this blog, we’ll give you a taste of the report’s key themes, including analysis of the most pressing threats, prevalent MITRE ATT&CK techniques, and dark web insights.

MITRE ATT&CK ID   MITRE technique                        % of incidents
T1566.002         Phishing: Spearphishing Link                     31.5
T1534             Internal Spearphishing                           27.9
T1566.001         Phishing: Spearphishing Attachment               21.5
T1008             Fallback Channels                                 9.6
T1071.004         Application Layer Protocol: DNS                   9.4

Top MITRE Technique: Spearphishing

From November 1, 2023, to October 31, 2024, spearphishing in its three listed forms (link, internal, and attachment) was the leading technique, accounting for 81% of security alerts in the utilities sector: 31.5% of incidents involved spearphishing links, 27.9% internal spearphishing, and 21.5% spearphishing attachments. Utilities are especially exposed because many employees hold access to both IT and OT systems, so a single compromised mailbox can become a path toward operational networks. The sector's legacy OT infrastructure, often with weaker cybersecurity defenses, makes it an attractive target for threat actors.

Just 2 Minutes to Contain a Threat with AI and Automation

ReliaQuest's data reveals that utilities organizations leveraging AI and automation, such as GreyMatter Automated Response Playbooks, achieve a mean time to contain (MTTC) threats of just two minutes. This contrasts starkly with the industry average of nearly 21 hours for organizations relying on manual response. By cutting containment time by over 99%, these organizations significantly reduce operational disruption and strengthen the protection of critical infrastructure. Speed matters in a sector where every minute of an active intrusion puts service continuity at risk.

DRP Insights Reveal Impersonating Domains as Growing Concern

Utilities companies are a frequent topic on dark-web forums because of their critical operations. During the reporting period, impersonating domains emerged as a significant tactic: alerts for them made up 57.42% of all true-positive GreyMatter Digital Risk Protection (GreyMatter DRP) alerts. AI advancements have enabled attackers to automate the creation of convincing fake domains, posing major threats to utilities companies' operations and reputation.
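The report does not describe how impersonating domains are detected, so the following is an added example, not ReliaQuest's or GreyMatter DRP's code, showing one way to triage newly observed domains against a brand's own domains: generate the typosquat variants an attacker would register (omission, repetition, transposition, homoglyph, keyword insertion, TLD swap), then fall back to an embedded-brand check and an edit-distance check for anything the generator misses. The brand domains (acmeenergy.com, acmewater.org), the homoglyph, TLD and keyword lists, and the sample domain feed are all assumptions constructed for the example.

```python
"""Lookalike-domain triage: flag candidate domains that impersonate a brand.

Three checks, cheapest first:
  1. exact match against the brand's own domains ("own")
  2. membership in a precomputed set of typosquat variants ("variant")
  3. brand label embedded in, or within edit distance 1 of, the candidate
     ("contains-brand" / "near-miss")
Only single-label public suffixes (.com, .org, ...) are handled; a
multi-label suffix such as .co.uk would need a public-suffix list.
"""

# Assumed brand domains for a fictional utility (not from the report).
PROTECTED = ("acmeenergy.com", "acmewater.org")

# Visually confusable substitutions commonly seen in impersonation domains.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4",
              "s": "5", "m": "rn", "w": "vv"}
# TLDs an attacker is likely to register alongside the real one (assumed list).
EXTRA_TLDS = ("com", "net", "org", "co", "io", "info", "energy", "us")
# Words appended to lend a phishing domain credibility (assumed list).
KEYWORDS = ("login", "secure", "billing", "outage", "portal")


def split_domain(domain):
    """Return (registrable label, tld) for a domain, lower-cased."""
    label, _, tld = domain.lower().strip(".").rpartition(".")
    return label, tld


def generate_variants(domain):
    """Produce the typosquat variants of one protected domain."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):                       # character omission
        labels.add(label[:i] + label[i + 1:])
        labels.add(label[:i] + label[i] + label[i:])  # character repetition
    for i in range(len(label) - 1):                   # adjacent transposition
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, ch in enumerate(label):                    # homoglyph substitution
        if ch in HOMOGLYPHS:
            labels.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for kw in KEYWORDS:                               # keyword insertion
        labels.update({f"{label}-{kw}", f"{kw}-{label}", f"{label}{kw}"})
    labels.discard(label)  # transposing two equal chars yields the original
    variants = {f"{v}.{t}" for v in labels for t in {tld, *EXTRA_TLDS}}
    variants.update(f"{label}.{t}" for t in EXTRA_TLDS if t != tld)  # TLD swap
    return variants


def build_variant_index(protected):
    """Map every variant to the brand domain it imitates."""
    index = {}
    for p in protected:
        for v in generate_variants(p):
            index.setdefault(v, p)
    return index


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


VARIANT_INDEX = build_variant_index(PROTECTED)


def classify(candidate, protected=PROTECTED, index=VARIANT_INDEX, max_distance=1):
    """Return (verdict, matched brand domain or None) for one candidate."""
    candidate = candidate.lower().strip(".")
    if candidate in protected:
        return "own", candidate
    if candidate in index:
        return "variant", index[candidate]
    label, _ = split_domain(candidate)
    for p in protected:
        p_label, _ = split_domain(p)
        if p_label in label:                    # e.g. acmeenergy-support-desk
            return "contains-brand", p
        if levenshtein(label, p_label) <= max_distance:
            return "near-miss", p
    return "unrelated", None


def triage(candidates):
    """Return only the candidates worth an analyst's attention."""
    hits = []
    for c in candidates:
        verdict, target = classify(c)
        if verdict not in ("own", "unrelated"):
            hits.append((c, verdict, target))
    return hits


if __name__ == "__main__":
    # Constructed sample of newly observed domains, not real registrations.
    feed = ["acmeenergy.com", "acmeenergy.net", "acme-energy.com",
            "acrneenergy.com", "acmeenergy-outage.com", "acrnewater.org",
            "acmeenergyy.com", "acmeenergy-support-desk.net",
            "weather.example", "acnewater.org"]
    for domain, verdict, target in triage(feed):
        print(f"{verdict:15} {domain:30} imitates {target}")
```

In practice the candidate feed would be a newly-registered-domain list or certificate-transparency log, and each hit would go on to WHOIS, DNS and screenshot enrichment before an analyst sees it; the point of the generator is that the cheap exact-match lookup catches the bulk of registrations, leaving the costlier edit-distance check for the residue.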

Ransomware Activity Targeting the Utilities Sector

Ransomware activity targeting utilities surged by 42% over the past year, with 75 organizations appearing on ransomware data-leak sites. The sector’s critical nature makes it a high-value target for financial gain and strategic leverage, often pressuring companies to pay ransoms quickly to restore operations and avoid severe consequences.

Key Threat to Watch: Volt Typhoon

Volt Typhoon, a China-linked advanced persistent threat, poses a significant threat to utilities companies due to its ability to embed itself within networks, making it nearly impossible to remove intruders without causing downtime. Its sophisticated techniques and potential to disrupt critical infrastructure highlight the need for robust detection and incident response strategies.

Anticipating What’s Next

  • Increased Threat from Nation-State Actors: With geopolitical tensions involving China and Iran expected to escalate under the incoming Donald Trump administration, utilities companies should prepare for heightened cyber offensives. The new U.S. policies could spur state-sponsored groups, such as Volt Typhoon, to target critical infrastructure, aiming to disrupt essential services and stir societal unrest.
  • Evolving OT-Targeted Hacktivism: Traditional methods are giving way to more sophisticated attacks on critical infrastructure, driven by the desire for greater media attention and impact. Hacktivists are likely to exploit unpatched vulnerabilities in water systems and other critical utilities, necessitating heightened vigilance and adaptive defense strategies.
  • Transition Toward Renewable Energy Sources: As utilities embrace renewable energy, the integration of distributed energy resources and remote infrastructure increases exposure to cyber threats. The sector must prioritize cybersecurity measures to protect against potential exploits of these expanded digital landscapes.

Conclusion

Recent malicious activity, particularly the surge in spearphishing and ransomware attacks, underscores the utilities sector's appeal to malicious actors. As the sector modernizes, adopting new technologies driven by AI and automation, it must also prepare for increased cyber threats. Proactive, defense-in-depth strategies, such as automated incident response and digital risk protection, will be essential for safeguarding both IT and operational environments.

For deeper insights into the major threats facing the sector, detailed case studies, and practical mitigation strategies, download the full report.