Secure Data Protection
February 24, 2022
Examples of cyberattacks on critical infrastructure in the US are common in today’s threat landscape.
This has been a growing concern for some years among organizations (owners and operators) that work with critical infrastructure in some capacity, but the volume and severity of attacks over the course of 2021 has led to a strong re-focusing and reevaluation about whether the current level of cyber protections are enough.
In this blog, we’re going to be taking a look at five examples of cyberattacks hitting critical infrastructure, how it happened, and what businesses should do to avoid becoming a victim of cybercrime.
An estimated 83% of companies operating in critical infrastructure have experienced a breach in the last 36 months.
This is a staggeringly high number in itself, and would be the cause for greatest concern were it not for a far more revealing statistic, which is that 56% of respondents representing businesses in critical fields say they are “highly confident” their organization will not experience a breach in the next year.
This lack of understanding and awareness about the dangers of modern cyberattacks is consistent across many industries and highlights a growing need to acknowledge and take action in securing networks immediately.
79% of companies that have been the victim of a cyberattack say attacks are more sophisticated than ever.
JBS Foods is the largest supplier of meat in the world and was targeted in a ransomware cyberattack.
The attack resulted in JBS having to temporarily close all of their beef plants, while also affecting one plant in Canada and the pausing of operations in Australia.
The attack was similar in many ways to the Colonial Pipeline attack, which we will be talking about shortly, and resulted in them paying an $11 million ransom in order to avoid more disruptions.
This cyberattack, and others like it, represents a marked change in approach from hackers, who are increasingly targeting organizations that possess large volumes of data in an attempt to demand ransoms.
What should be most concerning to businesses is that the tactic has been shown to be effective.
Using a single compromised password, hackers were able to enter Colonial Pipeline’s network through a virtual private network (VPN) that did not have multifactor authentication enabled.
Once inside, the attackers infected the internal network with ransomware and posted a ransom note asking for payment in cryptocurrency.
Colonial Pipeline decided to shut down their 29,000 miles of gasoline pipelines to prevent the ransomware from spreading.
This resulted in a gas shortage felt around the country.
Colonial Pipeline had to pay a $4.4 million dollar ransom, had 100 gigabytes of data stolen, and the attack itself on critical infrastructure resulted in jet fuel shortages and spiked the price of gasoline for consumers.
If $11 million and $4.4 million seem like hefty ransoms to pay, then $40 million is enough to make anyone’s eyes water.
That’s the ransom that was paid by insurance firm CNA Financial after being hit just weeks after the Colonial Pipeline cyberattack.
After initial demands of $60 million, CNA agreed the lesser fee of $40 million, and these extortionate payments represent a general steep upwards trend in the amounts of money being paid to hackers.
Average ransomware payments have skyrocketed in the past three years. In 2019 it was about $115,000; in 2020 this figure rose to $312,000, and in 2021 rose further still to $570,000.
After a user visited a website hosting malicious code, hackers were able to infiltrate computer systems and tech infrastructure for a water treatment facility—with the hackers present in the system from December 2020 to February 2021.
The hack was conducted through a “watering hole attack”.
This is when cybercriminals—instead of directly targeting an organization's systems or people—target a website that is known to be frequented by users.
Once a user has visited the compromised site, they can be infected with malware and the hackers have access.
With modern cybersecurity solutions that use technology like AI and behavioral monitoring, discovering cybercriminals lurking within networks is a lot easier for security professionals and IT teams.
The transport ferry service operating routes for Cape Cod, Martha’s Vineyard, and Nantucket was compromised in a ransomware attack that affected its operations and caused delays.
Passengers were forced to use only cash for the duration of the breach outage and reservations were severely limited.
While the scope for this particular attack was limited in the grand scheme of things, there’s no doubt that similar attacks have the potential to derail much larger transport authorities and cause serious disruption to critical infrastructure.
Cyberattacks on critical infrastructure and the companies associated with critical infrastructure are increasing, and demands for higher ransomware payments are rising in tow.
This is extremely concerning for all organizations that operate critical infrastructure, and indeed for those who are yet to have a risk assessment conducted on their network and data operations, they should strongly consider doing so.
If you are unsure of where you stand with your cybersecurity posture, think about contacting DOT Security—our experts have decades of experience between them and know how to secure an organization for the future. Contact us now.