Failure in critical infrastructure can result in far-reaching and devastating effects. Picture a scenario where you don’t have access to technological systems that you depend on daily. What if you couldn’t get through emergency services when you dialed 911? What if you couldn’t turn on your lights or power your microwave? What if you couldn’t get safe water, access your bank account, or even flush your toilet?
You only have to look at the recent Texas grid failure to get a clear picture of the potential damage: over four million Texan businesses and homes were left without power, heat, and water for days in arguably the most frigid temperatures experienced in the state. This situation was caused by Mother Nature and not by the actions of cybercriminals. Not to dispute the disastrous nature of this situation, but it doesn’t even scratch the surface of cyberattack threats on critical infrastructure, as you will discover in the following.
But before we delve into that, let’s first understand what we mean by critical infrastructure.
What Is Critical Infrastructure?
Critical infrastructure refers to systems, processes, facilities, technologies, networks, assets, and services essential to the safety, security, health, and economic well-being of the public and smooth functioning of the government. The Cybersecurity and Infrastructure Security Agency (CISA) categorizes the critical infrastructure types into 16 sectors. Any disruptions to these sectors, especially caused by cyberattacks, may result in devastating consequences.
As companies scramble to adapt to the era of 5G – and the promise it holds in terms of connectivity – their vulnerability to cyberattacks has risen exponentially. The emergence of the COVID-19 pandemic further fuelled the increase in attacks on critical infrastructure, given that it forced organizations to adapt and heavily rely on remote access to ensure continuity.
Unsurprisingly, governments and other stakeholders are instituting policies to help combat these attacks. For instance, on May 12th, 2021, US President Joe Biden issued an executive order on cybersecurity to improve the state of national cybersecurity and enhance the protection of government networks.
Analysis of Top 7 Cyberattacks on Critical Infrastructure in 2021
While there have been numerous cyberattacks in 2021, here is an outline of the top seven attacks on critical infrastructure:
1. Scripps Health Malware Attack
Scripps Health is a San Diego-based non-profit healthcare facility that includes 19 outpatient facilities and five hospitals. Scripps Health treats over half a million patients annually through 2,600 affiliated physicians.
On May 1st, 2021, its IT systems were shut down following a malware attack. The company temporarily suspended access to IT systems such as the patient portal, thereby interfering with its smooth functioning: surgical procedures and patient appointments were canceled temporarily. Moreover, high-risk patients such as stroke, heart, or trauma patients had to be diverted from Scripps Memorial Hospital La Jolla to nearby hospitals. This attack is a reminder that cybercriminals can launch attacks against any sector, including the healthcare sector.
2. Colonial Pipeline
The Colonial Pipeline attack is arguably the largest cyberattack on an American energy system. DarkSide (a Russian-backed hacking group) claimed responsibility for the attack, which targeted SCADA systems that connect operational systems with internet-connected traditional IT networks.
The pipeline, which supplies about half of the East Coast’s gasoline, went down for days. The outage resulted in gas panic-buying, shortages, and a spike in gas prices (the national average cost of gas per gallon rose to its highest figure in over six years).
DarkSide carried out its attack successfully by focusing on Colonial Pipeline’s IT servers in its operational SCADA stack. Had Colonial security professionals not taken down these systems before the attack spread, the damage would have been more far-reaching.
3. JBS USA
The recent attack on JBS (the world’s biggest meatpacker) has raised questions about the state of cybersecurity in the food industry. The computer networks of the Brazil-based JBS were hacked, temporarily halting some operations in Canada, Australia, and the US, with thousands of staff affected.
The JBS USA attack commenced in February, with initial reconnaissance showing structural vulnerabilities in the victim’s network. The attackers conducted data exfiltration for months, starting as early as March and completing this phase of the attack at the end of May, after which they finalized the attack on June 1st.
Although the company closed its North American plants and initially declined to comment on whether it had paid the ransom, it eventually admitted that it paid $11 million to the attackers in response to the threat of closure.
The attack on JBS had costly ripple effects on the national meat supply chain. It prevented restaurants and supermarkets from serving meat to their customers, and the supply crunch also drove meat prices up.
4. Ireland HSE Attack
On May 14th, 2021, Ireland’s HSE suffered a human-operated Conti ransomware attack. This severely disabled several HSE systems and necessitated the shutdown of most of its other systems. The consequences for the HSE and the public were far-reaching. For instance, services that relied on digital processes such as referrals, scans, and diagnostics had to be conducted manually, causing delays, not to mention the substantial cancellation of outpatient services.
5. CNA Financial
CNA Financial is among the largest insurance firms in the US. In late March, the company announced that it had fallen victim to a sophisticated cyberattack by the cybercrime syndicate known as Phoenix. CNA Financial negotiated the ransom amount down from $60 million to $40 million and paid for the decryption key to get its operations up and running again.
Phoenix used a type of malware called Phoenix Locker (a variant of the well-known Hades ransomware executable) to carry out the attack. This malware poses as a browser update. As such, it tricks employees into installing the “update,” after which it moves laterally throughout the network with elevated privileges to execute the attack.
6. Brenntag
At the beginning of May, German chemical distributor Brenntag suffered a ransomware attack targeted at its North American division. Not only did the DarkSide ransomware group encrypt devices on Brenntag’s network, it also stole unencrypted files. The attackers created a private data leak page that listed the types of data stolen, along with screenshots of some of the files, to prove their claim. Brenntag had to pay a $4.4 million ransom in bitcoin to receive the decryption key and prevent the threat actors from leaking the stolen data.
7. T-Mobile Attack
The T-Mobile attack targeted vulnerabilities in cellular network security. Names, social security numbers, drivers’ license/ID information, and birthdays of T-Mobile customers were compromised by hackers on August 17th. T-Mobile confirmed that the hackers accessed personal data tied to around 7.8 million of its current subscribers, as well as records of over 40 million people who applied for credit with the company previously.
T-Mobile’s preliminary analysis shed light on the scale of the attack, but the company did not disclose who was behind it or how the attackers were able to breach its network security.
Revamp Your Security to Combat Cyberattacks
Physical and natural hazards are no longer the only threats to the uninterrupted functioning of infrastructure. With burgeoning 5G capabilities and the sheer number of IoT devices now connected, security remains a major concern. This is exactly why governments and critical infrastructure providers need strong security in place to support this massive and growing sea of connectivity.
Proper security measures and network resilience are vital to ensuring that your network remains undisturbed. That said, while maintaining vigilance and constantly checking the state of your network goes a long way toward securing infrastructure, these measures do not always suffice.
One surefire way of protecting your networks and infrastructure is by adopting FirstPoint’s network-based security solutions such as secure private LTE and 5G. Reach out to us today for a free demo.