
At The Identity Organisation, we're here to help!

    Critical Infrastructure Under Siege: 42% Spike in Ransomware Attacks on Utilities


    Ransomware attacks targeting utilities have surged by 42% over the past year, with spear phishing playing a major role in 81% of cases, according to a ReliaQuest study spanning November 2023 to October 2024.

    Analyzing data from its GreyMatter platform and dark web activity, ReliaQuest found that utilities like water and energy systems are disproportionately affected. Their critical role in infrastructure makes them prime targets for cybercriminals.

    Spear phishing emerged as a significant threat, accounting for 81% of alerts in the utilities sector. Within these cases, 31.5% involved spearphishing links, 27.9% internal spearphishing, and 21.5% malicious attachments. “Employees in the sector frequently receive emails from numerous different senders, which may lead to reduced vigilance when interacting with unfamiliar messages, particularly those that appear to come from trusted sources,” ReliaQuest stated.

    Additionally, the prevalence of internal spear phishing highlights the risks posed by contractors and third-party vendors closely integrated into utilities’ operations.

    Ransomware attacks have also risen dramatically, with 75 utilities listed on ransomware leak sites during the study period, a 42% increase compared to the previous year. The Play ransomware group alone reported 10 utility victims, up from just three the year before, marking a staggering 233% jump.

    Among ransomware groups, LockBit was the top threat, followed by Play, ALPHV/BlackCat (now defunct), Akira, and 8base. Utilities faced a disproportionately high number of attacks from these groups compared to other industries.

    ReliaQuest attributed this rise to factors like the growing adoption of industrial IoT systems, which often lack regular updates, leaving vulnerabilities open for exploitation. The broader increase in ransomware-as-a-service (RaaS) operations also contributes to the trend.

    To combat these threats, ReliaQuest advises utilities to enhance defenses by implementing automated incident response systems and boosting employee security awareness about phishing schemes. Advanced email security systems, capable of detecting and disrupting phishing attempts, can further shield organizations from these pervasive social engineering attacks.

    By taking proactive measures, utilities can mitigate the escalating risks to their operational technology (OT) and IT environments, safeguarding critical infrastructure against rising cyber threats. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    ReliaQuest has the story.

