How solar PV asset owners can protect themselves against malware attacks


  • A random malware strain targeted about 800 remote monitoring devices at ground-mounted PV plants in Japan in May, according to Japanese PV cybersecurity specialist Girasol Energy.

Although the incident did not cause any financial or technical damage to the solar facilities, the malware used the systems as a springboard for fraudulent actions.

“The random malware installed a backdoor and illegally used internet banking to steal money. Once a backdoor is installed, a hacker can easily gain unauthorized access repeatedly without going through the normal authentication process,” Girasol Energy CTO Hiroyuki Ikegami told pv magazine, noting that such incidents are more common than generally believed.

Ikegami explained that cybercriminals frequently make random or automated attempts online to turn vulnerable computers into members of botnets.

“Based on known vulnerabilities, attackers try to break into vulnerable computers and, if successful, install malware to create a backdoor on the computer,” he said. “Computers with backdoors are shared by attackers all over the world – this is a botnet.”

He explained that once computers are part of a botnet, they are at the disposal of attackers. They can use compromised devices for a range of malicious activities, such as sending fraudulent emails or overwhelming servers with traffic to disrupt services in distributed denial-of-service (DDoS) attacks.

Ikegami said the malware targeted SolarView Compact SV-CPT-MC310 remote monitoring devices, developed by Japan-based Contec. The company has since released an updated version of the product, which addresses all the vulnerabilities involved in the incident. It has also told users to update their software.

Contec said in a press release that it found 19 vulnerabilities in SolarView from 2021 to 2023 and has issued patches to address these issues since 2021. Japanese media outlets reported that the attackers used about 800 SolarView devices in the incident on May 1, 2024, to carry out a scam and steal money.

“This means that in about two to three years, 800 vulnerable SolarView will not be maintained from a cybersecurity perspective,” Ikegami said. “Users did not apply these patches to SolarView and continued to deploy vulnerable SolarView directly to the internet. This negligence led to the whole incident.”

Ikegami said the details of how the incident was discovered remain unclear. However, based on reports linking it to money transfer scams, he believes the incident likely surfaced during police investigations into the scam victims.

He warned that all remote monitoring devices connected to the internet are exposed to these risks if they are not properly protected by specialized cybersecurity companies.

“There is no certainty of protection if nobody is surveying the system and attacks like those we have seen in May may have legal consequences for the PV asset owners, although the performance of the plants is not affected,” said Ikegami.

No cases have been reported in Japan in which unwitting botnet participants have been sued for damages related to such issues.

“However, there is a risk, and it is important for businesses to respond appropriately and especially if the system should operate with cybersecurity,” Ikegami said, noting that in this case, it is more profitable for the attacker if the PV owner remains unaware. “It’s like using an empty house for illegal activities.”

Ransomware also poses a significant threat to production facilities and IT systems. As PV systems become a more important power source, such attacks could become more common.

“The importance of PV systems will increase in the next few years, thus system integrators need to be particularly careful about ransomware and unknown future attacks,” said Ikegami.

Author: Emiliano Bellini

This article was originally published in pv magazine and is republished with permission.


Copyright Green Building Africa 2024.