Crucial Point Provides Context For Vox: It’s not just elections: Russia hacked the US electric grid


Bob Gourley of Crucial Point provides context and commentary on cybersecurity threats and actions to mitigate them, and is frequently contacted by journalists seeking expert insights. Gourley was featured in the Vox report "It’s not just elections: Russia hacked the US electric grid".

The article gives very clear insights into the details of years-long cyber espionage and cyber attacks that placed malicious code in a wide variety of firms associated with the energy sector, and it does so in a way that is very understandable.

From the report:

To gain access to the power plant computers and internal networks, the hackers first attacked smaller, less secure companies — like ones that make parts for generators or sell software that power plant companies use, for instance.

The Russian hackers then repeated some of those same techniques again to gain access to the primary targets.

One way they did that was to send emails from a compromised account that the receiver trusted and had interacted with before, to get the person receiving the email to reveal confidential information. This is known as “spearphishing.” For example, if the email looks like it’s coming from Bob from marketing, then Alice will be more likely to open it, even if the email was actually sent by Eve from Russia.

Another method they used was “waterholing.” The hackers altered websites that people in the energy industry regularly visit, so that those websites could collect information, like logins and passwords, and relay them back to the hackers.

Some targeted users were induced to “download enticing word documents,” as the report phrases it, about control process systems (programs that watch other programs work, essentially). But those documents turned out to be more malicious than enticing. By opening them, the targets ran programs that gave hackers access to their computers.

After acquiring the logins needed to fool the computers into letting the attackers in, the intruders set up local administrator accounts (the kind with permissions to do things like install programs) and used them to place more malware in the networks. The code they used also contained steps to cover the intruders’ tracks, like automatically logging out of the administrator accounts every eight hours.

“The bad news is this attack used a lot of the old methods to get in,” says Bob Gourley, founder and chief technology officer of the tech consultancy firm Crucial Point and author of the book The Cyber Threat.

“Trickery, getting people to click on links, the other kind of social engineering, phishing to get a foothold somewhere, this was the same kind of basic attack pattern that’s been going on for a decade now,” Gourley says. “It was just better resourced and better targeted, and they had more focused intelligence.”

In the Vox story, Kelsey Atherton did a fantastic job of capturing the key methods of the attackers and also summarizing the most important steps that can be taken to mitigate attacks like these. In our view, had best practices been followed by the firms that were attacked, the damage would have been far less and the intrusions would have been detected far earlier.

We also absolutely loved the last line of this report: “Intrusions like these still fall short of sabotage or war, but that doesn’t mean we have to like them.”

Very true.

Are you in a company that serves the energy sector? Contact Us today for a free consultation and learn more about how to apply best practices to your business. We would also be glad to provide more information on our CISO-as-a-Service offering.
