- Research published by Microsoft earlier this week points to a new vulnerability found in older IoT infrastructure that hackers are looking to exploit.
- This exploit could be used to target power grids in particular, Microsoft has warned.
- Addressing this vulnerability will also prove difficult, given how it is built into IoT infrastructure, Microsoft pointed out.
Since the beginning of the pandemic, cybercrime has steadily increased, and that shows no signs of changing now that borders have reopened and restrictions have been eased. Against this backdrop, Microsoft published research earlier this week that will concern those operating power grids or other forms of supply chain infrastructure.
Here the company specifically identified a vulnerability that exists within an open-source component of the Boa web server. As TechCrunch points out, while this software was officially retired in 2005, it is still quite popular in IoT environments, and now hackers are looking to exploit it in order to target older power grids and supply chains.
This is not the first time that infrastructure has been targeted, with the recent Log4J and SolarWinds exploits highlighting gaping holes in cybersecurity.
“A report published by Recorded Future in April 2022 detailed suspected electrical grid intrusion activity and implicated common IoT devices as the vector used to gain a foothold into operational technology (OT) networks and deploy malicious payloads,” Microsoft explained in its research post.
“While investigating the attack activity, Microsoft researchers identified a vulnerable component on all the IP addresses published as IOCs and found evidence of a supply chain risk that may affect millions of organizations and devices,” it added.
The company noted that it identified more than a million exposed Boa web servers across the globe, with the majority found in India. South Africa was also present in the reporting, although it is unclear precisely how many are exposed locally. Given our own ailing power grid, it would indeed be a prime target for hackers if left unaddressed.
Detailing one of the more recent incidents, Microsoft pointed to the October attack on Tata Power in India, which involved an exposed server and resulted in the Hive ransomware group publishing stolen data.
With Eskom currently public enemy number one because of the volume of loadshedding in South Africa, its data would likely prove a valuable bounty for any hackers wanting to mount a ransomware attack.
“In critical infrastructure networks, being able to collect information undetected prior to the attack allows the attackers to have much greater impact once the attack is initiated, potentially disrupting operations that can cost millions of dollars and affect millions of people,” Microsoft highlighted.
The company has also advised on steps that infrastructure service providers and operators can take to safeguard against this newly discovered exploit.
These include patching vulnerabilities as soon as possible, extending vulnerability and risk detection beyond the firewall, and reducing the attack surface by eliminating unnecessary internet connections to IoT devices in the network.