Why Attacks on Critical Infrastructure Are Dangerous
Critical Infrastructure (CI) comprises physical and cyber assets vital for the smooth functioning of societies and nations across the globe. The sectors that make up critical infrastructure differ from one country to another. For example, the USA considers 16 sectors to be vital as opposed to 13 in the UK. The disruption or damage of CI can have severe direct and indirect effects.
So far, the perpetrators of attacks on critical infrastructure have been cybercriminals seeking crypto payouts. But what happens if a threat actor has plans beyond a quick payday? What if an attack is meant to create chaos by taking out critical infrastructure to harm a region or country?
Attacks on CI could eventually devastate the livelihoods of millions of people and even bankrupt companies. Experts listed cyberattacks on CI as a top concern in 2020, and this trend is estimated to persist into and beyond 2021. (note 1) In the interest of national and global security, CI facilities must take proper measures to prevent threat actors from accessing their networks.
Attacks Are Widespread
Attacks on CI are becoming increasingly common topics of discussion on news channels as highly publicized cases, such as the ones mentioned below, rattle businesses and communities. It’s a scary situation, and it emphasizes how prepared you should be.
1. Colonial Pipeline
In May 2021, the mammoth pipeline system for refined oil in the U.S. - Colonial Pipeline - was hit by a cyberattack that stemmed from a single compromised credential. The result? Colonial Pipeline’s gasoline distribution to the East Coast was shut down for nearly a week.
2. JBS SA
The largest meat processing company in the world, JBS SA, fell victim to a cyberattack a few weeks after the Colonial Pipeline breach. The attack forced the company to halt production at its U.S. beef plants while operations in Australia and Canada were also hit.
3. The Health Service Executive (HSE) Hack
The HSE (Ireland) had to temporarily shut down its IT systems following a cyberattack. What makes this CI attack so disturbing is that it happened during the pandemic when health systems were buckling.
Other well-known cases include the attacks on NSW’s State Transit Authority (Australia), Israel’s Water Authority, and Air India.
Know the Threat Actors
To avoid the unpleasant experience of a CI attack, here are some major threats to guard against:
Phishing
Experts have estimated that an alarming 75% of organizations in the U.S. experienced a phishing attack in 2020. (note 2) Phishing through email occurs when malicious actors masquerading as genuine senders lure users into sharing credentials and sensitive information.
Unpatched Vulnerabilities
Unpatched vulnerabilities let cybercriminals run malicious code by exploiting a bug that has not been fixed. In 2020, about half of CI operators reported unpatched vulnerabilities as the cause of cyberattacks. (note 3)
Distributed Denial of Service (DDoS)
A DDoS attack on your network or server will overwhelm it with traffic, thus disrupting the service. A recent study reported over 2.9 million DDoS attacks in the first quarter of 2021. Compared to 2020, that is an increase of over 30%. (note 4)
SQL Injection
SQL injection is an attack vector that injects malicious SQL code into a vulnerable application's database queries and can even destroy databases. Over 30% of CI operators reported SQL injection as the cause of a breach. (note 3)
Cross-Site Scripting
Also known as XSS, cross-site scripting is a method of executing malicious scripts on a legitimate website. Almost 20% of CI operators reported falling for this attack vector. (note 3)
How to Tackle These Attacks
Secure Remote Access
Remote access, if not secured, could provide a freeway for cybercriminals. Therefore, it’s vital to have network firewalls, endpoint protection, good password hygiene, etc.
Create Asset Inventory
You can’t protect what you don’t know needs protection. That’s why it’s essential to have an asset inventory. With an updated inventory of all your network assets, you can implement strategies to ramp up security.
Identify and Patch Vulnerabilities
Many Operational Technology (OT) and IoT devices that operate within industrial networks aren’t secure enough to be part of a critical infrastructure environment. By deploying tools to identify system vulnerabilities, it’s possible to find risky devices, sort them based on their level of risk and then recommend firmware updates.
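The workflow described under Create Asset Inventory and Identify and Patch Vulnerabilities (inventory the devices, find the risky ones, sort them by risk, recommend firmware updates) can be sketched as follows. This is an added example, not code from the original article; the device names, models, firmware versions, advisory data and risk weights are all constructed assumptions.

```python
# Constructed sample inventory: names, models and versions are illustrative only.
INVENTORY = [
    {"asset": "plc-pump-01", "model": "ExamplePLC-200", "firmware": "2.1.0",
     "zone": "control", "remote_access": False},
    {"asset": "hmi-floor-02", "model": "ExampleHMI-7", "firmware": "1.4.2",
     "zone": "control", "remote_access": True},
    {"asset": "cam-gate-03", "model": "ExampleCam-X", "firmware": "3.0.5",
     "zone": "perimeter", "remote_access": True},
    {"asset": "rtu-sub-04", "model": "ExamplePLC-200", "firmware": "2.3.1",
     "zone": "control", "remote_access": False},
]

# Constructed advisory feed: model -> (first fixed firmware, severity 0-10).
ADVISORIES = {
    "ExamplePLC-200": ("2.3.0", 9.1),
    "ExampleHMI-7": ("1.5.0", 7.4),
    "ExampleCam-X": ("3.0.5", 5.0),
}

ZONE_WEIGHT = {"control": 1.5, "perimeter": 1.0}  # assumed criticality weights


def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def assess(inventory, advisories):
    """Return unpatched assets sorted by descending risk, each with a firmware recommendation."""
    findings = []
    for item in inventory:
        advisory = advisories.get(item["model"])
        if advisory is None:
            continue  # no known advisory for this model
        fixed_in, severity = advisory
        if parse_version(item["firmware"]) >= parse_version(fixed_in):
            continue  # already running a fixed release
        risk = severity * ZONE_WEIGHT.get(item["zone"], 1.0)
        if item["remote_access"]:
            risk += 2.0  # assumed bump: remotely reachable devices are ranked higher
        findings.append({"asset": item["asset"], "risk": round(risk, 2),
                         "action": f"update firmware {item['firmware']} -> {fixed_in}"})
    return sorted(findings, key=lambda f: f["risk"], reverse=True)


if __name__ == "__main__":
    for finding in assess(INVENTORY, ADVISORIES):
        print(f"{finding['asset']:<14} risk={finding['risk']:<6} {finding['action']}")
```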
Automated detection solutions backed by artificial intelligence can easily track anomalies and other minor suspicious changes within the network.
Combine OT and IT Networks
Security risks of connected industrial control systems fall when OT and IT networks are managed together as part of a unified operational platform.
Managing all these single-handedly may seem like a tedious process, but we can take all the hassle away and help you ramp up your business’ security posture. Contact us to learn more about protecting your CI, or download our free infographic to learn more about this topic here:
Castle Labs: Security
www.castlelabs.com || 919.598.6464
2020 Global Risks Report, WEF