Data Security, Critical Infrastructure Security

Mexican state-owned power utility’s years-long data leak risks country-wide power disruption

(Adobe Stock)

Mexico's Federal Electricity Commission, a state-owned power utility serving more than 99% of the country's population, had more than 600 GB of data inadvertently leaked by an unsecured Kibana server for over three years, reports Cybernews.

Included in the misconfigured CFE server, which is managed by Mexican cybersecurity company Teliko, were DNS queries from employee machines, Deep Packet Inspection logs, anti-malware and network monitoring tool notifications, and visited URLs, which could be leveraged by malicious actors to develop spear-phishing campaigns and damage equipment, resulting in widespread power disruption, according to Cybernews researchers. "Ultimately, attackers could potentially interact with Industrial Control systems, modifying their settings, which can lead to damage of physical systems or the turning off of critical systems," noted researchers, who added that CFE has yet to respond to emails they have sent over the past five months. Increasingly prevalent attacks against critical infrastructure should prompt improved security defenses for industrial control systems, researchers added.

You can skip this ad in 5 seconds