Australian Energy Software Firm Energy One Hit by Cyberattack – SecurityWeek

by | Aug 23, 2023 | Engineer

Hi, what are you looking for?
Energy One, an Australian company that provides software products and services to the energy sector, has been hit by a cyberattack.
By
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email

Energy One, an Australian company that provides software products and services to the energy sector, has been hit by a cyberattack.
In a statement issued on Monday, the company said the incident was detected on August 18 and it impacted some corporate systems in Australia and the UK.
“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.
Energy One is investigating the incident in an attempt to determine whether personal information and customer-facing systems have been impacted. The company is also working on determining the attacker’s initial point of entry. 
While the firm has not shared any additional details about the attack, its statement suggests that it may have been targeted in a ransomware attack.
Cybersecurity experts have been called in to assist with the investigation and authorities in Australia and the UK have been notified. 
A recent report published by British threat intelligence company Searchlight Cyber showed that threat actors have been offering initial access into energy sector organizations around the world for prices ranging between $20 and $2,500. 

Advertisement. Scroll to continue reading.

Cybercriminals can gain entry through RDP access, compromised credentials, and device vulnerabilities (such as Fortinet products). 
Related: Malicious QR Codes Used in Phishing Attack Targeting US Energy Company
Related: 2022 ICS Attacks: Fewer-Than-Expected on US Energy Sector, But Ransomware Surged
Related: Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks
Related: Gas Stations Impacted by Cyberattack on Canadian Energy Giant Suncor

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
engineer sydney Working remotely is here to stay and businesses should continue to make sure their basic forms of communication are properly configured and secured. (Matt Honea)
engineer sydney The complexity and challenge of distributed cloud environments often necessitate managing multiple infrastructure, technology, and security stacks, multiple policy engines, multiple sets of controls, and multiple asset inventories. (Joshua Goldfarb)
engineer sydney Automated Security Control Assessment enhances security posture by verifying proper, consistent configurations of security controls, rather than merely confirming their existence. (Torsten George)
engineer sydney Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions more quickly. (Matt Wilson)
engineer sydney Thinking through the good, the bad, and the ugly now is a process that affords us “the negative focus to survive, but a positive one to thrive.” (Marc Solomon)
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email
The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.
As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.
Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.
A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the…
Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.
Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.
The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.
A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of…
Got a confidential news tip? We want to hear from you.
Reach a large audience of enterprise cybersecurity professionals
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Copyright © 2023 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.


source