Cyberattacks Against Critical Infrastructure

Cyberattacks against Critical Infrastructure Are on the Rise. Here’s What You Should Know. 

In August 2021, two rural wastewater plants in Maine were hit by ransomware. Both incidents were minor, with no threat to public safety and no exposure of sensitive data, but office computers had to be taken offline for a few days. The treatment processes themselves were unaffected because they were run manually rather than from the infected machines. Officials urged all critical infrastructure operators to stay especially vigilant against such incidents. 

Similarly, in February 2021, an intruder accessed the water treatment plant in Oldsmar, Florida, and attempted to alter the chemical dosing of the water supply, potentially endangering around 15,000 residents. The intruder got in through the TeamViewer remote access software the plant used on computers still running the unsupported Windows 7, reportedly with a password shared across the plant's machines; no exploit of an operating-system vulnerability was needed. They raised the setpoint for sodium hydroxide (lye) from 100 to 11,100 parts per million, a dangerous concentration. Fortunately, an alert plant operator watching the screen noticed the change as it was being made and reversed it before the water was affected. 

While no major fallout resulted from the above incidents, they emphasize the increasing threat of cyberattacks on critical infrastructure. Here, we will discuss why infrastructure is vulnerable to attacks, the main cyber threats targeting this sector, and how to defend against them. 

Cyber vulnerabilities in critical infrastructure

Critical infrastructure (CI) is made up of several systems that are essential for a society to function properly. This includes water supply, electricity generation and distribution, gas, transportation, public health, telecommunication, physical infrastructure like buildings and roads, and so on. Here is why they make alluring targets for cybercriminals: 

  • The adoption of IoT and remote connectivity in critical infrastructure has increased efficiency, lowered costs, allowed remote access, and greatly enhanced convenience. However, it has also connected control systems that were designed for isolated networks to the internet, expanding the attack surface, while the number of disclosed vulnerabilities keeps climbing: research shows that industrial control systems saw a 41% increase in disclosed flaws in 2021, compared to 25% in 2020.     
  • Since critical infrastructure is responsible for public welfare, a major cyberattack can cripple its operational capability. Shutting down control systems and machinery causes substantial financial damage and public pressure for every hour of downtime, which is exactly what a ransomware operator counts on to force payment. This makes the sector a prime target for ransomware.    
  • The use of outdated systems and unpatched software presents a huge risk to critical infrastructure. Control systems often run on operating systems that are no longer supported and can only be patched during planned outages, so known vulnerabilities stay exploitable for years. Legacy systems also tend to lack logging and monitoring, which makes it harder to detect an intrusion in time and limit the damage.  

Top cyber threats affecting critical infrastructure 

In a ransomware attack, attackers break into systems, encrypt data (often stealing a copy first), and demand a ransom for the decryption key. Double extortion, where the stolen data is also threatened with publication, raises the pressure to pay, and Ransomware-as-a-Service lets affiliates with little technical skill run attacks using tooling rented from the malware's developers, which has multiplied the number of active attackers. 

Malware is any malicious software or code designed to gain access to a network, system, or application and to compromise it or steal data. Stuxnet is the best-known example aimed at industrial control systems: it targeted Siemens SCADA software and the PLCs it programmed in order to sabotage the physical process they controlled. Malware, including ransomware, is the most common type of cyberattack on critical infrastructure.  

Injection attacks exploit injection flaws: the failure to keep untrusted input separate from the query or command it is embedded in before processing it. An attacker supplies input that the server interprets as part of the command rather than as data, gaining access to a database or executing commands on the host. SQL injection, OS command injection, and LDAP injection are the most common types.
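The following is an added example, not code from the original article, showing the SQL flavour of the flaw described above: a login check that pastes user input into the query text beside the parameterised version that keeps input as data. The operator table, the credentials in it, and the function names are constructed for this illustration.

```python
import sqlite3


def build_db():
    """Constructed in-memory operator table, a stand-in for an HMI user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE operators (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO operators VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "operator")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is pasted straight into the SQL text, so quote characters
    # in the input become part of the statement's syntax.
    query = (
        "SELECT username, role FROM operators "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    # Parameterised query: the driver sends the values separately from the SQL
    # text, so input can never change the structure of the statement.
    query = "SELECT username, role FROM operators WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    conn = build_db()
    injected = "' OR '1'='1"   # classic authentication-bypass payload
    return {
        "legit_safe": login_safe(conn, "bob", "battery-staple"),
        # Becomes: ... AND password = '' OR '1'='1'  -> matches every row
        "injected_vulnerable": login_vulnerable(conn, "nobody", injected),
        "injected_safe": login_safe(conn, "nobody", injected),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the payload, the vulnerable function returns every operator, including the admin account, while the parameterised version returns nothing because the driver treats the whole string as a literal password. The same separation applies to OS command injection: pass arguments to a subprocess as an argument vector rather than as a string handed to a shell, and to LDAP by escaping filter metacharacters before building the filter.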

In a DDoS (Distributed Denial of Service) attack, the intent is to disrupt a server or network's normal flow of traffic by flooding it with requests from many sources at once, typically a botnet of compromised devices; attackers often spoof source IP addresses and abuse reflection services to amplify the volume. The flood exhausts bandwidth, connection state, or application capacity until legitimate users can no longer reach the service, halting the operational activities that depend on it. Hacktivists and nation-state actors often launch DDoS attacks.

In spear phishing, a specific individual or organization is targeted by email or text message from a threat actor impersonating a legitimate professional or organization, to trick the target into sending sensitive data or money or into installing malware. It is an elaborate con that employs a high degree of personalization. The attack can unfold over time, with the goal of building trust before the coveted information or access is finally requested.  

How to defend against cyberattacks on critical infrastructure? 

  1. Educate employees about the ways cyberattacks are launched against critical infrastructure and advise them on safe online behavior. Conduct regular training and testing, such as simulated phishing, to ensure they know the cyber safety protocols to follow. 
  2. Implement security controls like antivirus and antimalware, firewalls, encryption, and multi-factor authentication, especially on every remote access path into control networks, so that a single stolen or shared password is not enough to reach a plant's systems.
  3. Apply security patches to all software, applications, and programs promptly to remove vulnerabilities attackers could use to their advantage. Where a control system cannot be patched without an outage, isolate it from general networks and the internet until it can be. Employ endpoint security solutions for added protection on all system devices. 
  4. Maintain a strict inventory of all devices connected to your organization's network, including their location, function, and patch status. Assess them regularly for risk to ensure their security. 
  5. Carefully monitor user activity on all systems and networks for suspicious behavior, such as remote logins from unexpected sources or setpoint changes outside normal operating ranges. Furthermore, regularly audit all systems for vulnerabilities.  
  6. Since critical infrastructure is a major target for cybercriminals, organizations should invest in a strong cyber insurance policy to cover any liabilities in the event of a security breach.
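As an added example of the monitoring in step 5 (not code from the original article or from any plant vendor), the script below runs two simple detection rules over constructed audit-log lines: a remote login from a host outside an allow-list, and a chemical setpoint change that leaves its engineering limits or jumps by more than a set ratio, which is the pattern of the Oldsmar incident described earlier. The log format, the allow-list, the tag names, and the limit values are all assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample audit log (not from any real plant); the key=value
# format is an assumption for this example.
SAMPLE_LOG = """\
2021-02-05T08:02:11 remote_login user=operator src=10.10.1.15 tool=TeamViewer
2021-02-05T08:05:40 setpoint_change tag=NaOH_ppm old=100 new=105 user=operator
2021-02-05T13:30:02 remote_login user=operator src=203.0.113.7 tool=TeamViewer
2021-02-05T13:32:10 setpoint_change tag=NaOH_ppm old=100 new=11100 user=operator
2021-02-05T13:35:55 setpoint_change tag=pH_target old=7.4 new=7.5 user=operator
"""

# Hypothetical allow-list of hosts permitted to open remote sessions, and
# assumed engineering limits (min, max) for each controllable tag.
ALLOWED_REMOTE_SOURCES = {"10.10.1.15", "10.10.1.16"}
SETPOINT_LIMITS = {"NaOH_ppm": (0.0, 500.0), "pH_target": (6.5, 8.5)}
MAX_RELATIVE_CHANGE = 2.0  # alert when a new value is more than 2x the old one

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>\S+)\s*(?P<rest>.*)$")


@dataclass
class Alert:
    timestamp: str
    rule: str
    detail: str


def parse_line(line):
    """Split a log line into (timestamp, event, {key: value}); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return m.group("ts"), m.group("event"), fields


def check_remote_login(ts, fields):
    src = fields.get("src", "")
    if src not in ALLOWED_REMOTE_SOURCES:
        return Alert(ts, "remote_login_unknown_source",
                     f"user={fields.get('user')} src={src} tool={fields.get('tool')}")
    return None


def check_setpoint(ts, fields):
    tag = fields.get("tag")
    try:
        old, new = float(fields["old"]), float(fields["new"])
    except (KeyError, ValueError):
        # A change we cannot interpret is itself worth a look.
        return Alert(ts, "setpoint_unparseable", str(fields))
    lo, hi = SETPOINT_LIMITS.get(tag, (float("-inf"), float("inf")))
    if not lo <= new <= hi:
        return Alert(ts, "setpoint_out_of_bounds", f"tag={tag} new={new} limits={lo}..{hi}")
    if old > 0 and new / old > MAX_RELATIVE_CHANGE:
        return Alert(ts, "setpoint_large_jump", f"tag={tag} old={old} new={new}")
    return None


def scan_log(text):
    """Apply the rules to every line and return the alerts in log order."""
    alerts = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        ts, event, fields = parsed
        alert = None
        if event == "remote_login":
            alert = check_remote_login(ts, fields)
        elif event == "setpoint_change":
            alert = check_setpoint(ts, fields)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a.timestamp, a.rule, a.detail)
```

On the sample log this raises two alerts: the afternoon TeamViewer session from an address not on the allow-list, and the sodium hydroxide setpoint of 11,100 ppm, which exceeds the assumed 500 ppm ceiling. The bounds check fires on the absolute value regardless of how the change was made, so it would also catch a local operator error, which is the kind of control an alert human noticed by chance at Oldsmar.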