Over 130,000 Solar Panel Installations Exposed Online


Based on recent reports from Cyble, there has been a large attack vector for threat actors in the Solar industry’s PV (Photo-Voltaic) diagnostic and monitoring systems.

These systems are used to measure efficiency, detect faults, and optimize overall operations.

CSN

The research also mentioned that these systems are exposed over the internet, making them a prime target for threat actors.

These Distributed Energy Resources (DERs) are used to monitor and provide access to energy grids, remotely troubleshoot these systems, and many others.

Internet-Facing PV Monitoring and Diagnostic Systems

As these systems play a major role in the energy sector, securing these systems requires a high priority.

If threat actors target vulnerable PV monitoring systems, it can affect multiple energy-based entities and organizations.

Over 130,000 Solar Panel Installations Exposed Online
Internet Exposed PV Systems

Reports indicate that there are over 130,000 PV monitoring and diagnostic systems exposed over the internet, which is a wide attacking surface for threat actors.

In addition to spear-phishing, Denial of Service (DoS), and physical damage to the assets, threat actors can also target PV inverter controls that can inflict great damage.

Types of Vulnerabilities in the Systems

The Vulnerabilities in the PV industry include 

  • Outdated firmware
  • Public exposure of sensitive information
  • Poor access control
  • Improper Network segmentation
  • Unsecured Communication
  • Default passwords
Over 130,000 Solar Panel Installations Exposed Online
Information on a PV monitoring system publicly exposed
Over 130,000 Solar Panel Installations Exposed Online
Network Information of PV system Publicly exposed

These kinds of security misconfigurations and lack of security in these systems are actively being exploited in other sectors like Financial, Education, etc.

Furthermore, bypassing the authorization protocol of these systems is becoming easy for threat actors.

Impact on Energy Sector

The energy sector is one of the most crucial sectors in a country which is connected with several other sectors, including the Military and Intelligence. Targeting this sector will impact beyond the sector.

The largest impacts it can lead to include reduced energy production, energy supply and demand imbalance, EV vehicles disruption, charging infrastructure and mobility services disruption and can also lead to economic impacts with downtime in businesses resulting in financial losses.

As the energy crisis is on the rise, it is recommended for organizations in the energy sector to stay secure from threat actors and patch and upgrade all the systems. Cyble has published a complete report on how PVs are targeted.

“AI-based email security measures Protect your business From Email Threats!” – Request a Free Demo.



Source link