Ransomware attacks are the number one cyber risk for utilities and critical infrastructure worldwide. Detecting malicious activities during the preparation phase of an attack to prevent disruption and spreading is at the heart of any cybersecurity strategy.
In its working paper "Critical Vulnerability in Log4j - Detection and Response", the German Federal Office for Information Security (BSI) underlines the persistent and complex danger of the Log4Shell vulnerability in industrial networks as well. Patching the vulnerability in the short to medium term is considered unrealistic for many companies. For this reason, the BSI recommends continuous monitoring and analysis of network communication via anomaly detection in addition to rule-based query analysis. Industrial anomaly detection solutions, as offered by Rhebo, a Landis+Gyr Company, enable companies to detect on compromises that have already occurred, active exploits and other malicious activities in the operational technology (OT) and industrial control systems (ICS) at an early stage. The vulnerability, documented as CVE-2021-44228, allows attackers to execute arbitrary code on systems using the widespread Log4j library without authentication.
The digitalization of the energy industry has led to a convergence of operational and informational technologies across metering infrastructures worldwide. This OT/IT convergence brings with it all the benefits of the connected, IoT era such as personal energy management insights, automated energy management and grid transparency. However it has also resulted in increasingly complex OT/IT ecosystems creating with new areas of vulnerability and increasing exposure to attacks.
