Cyberattacks on Critical Infrastructures Witness Sharp Rise During the Pandemic

CISA | June 05, 2020

  • The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure.

  • CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.

  • IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise.


The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home. But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.

“Critical infrastructure” means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure.


Last month, CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security. These attacks have been building for some time. A Siemens/Ponemon Institute study last October found that 56% of gas, wind, water and solar utilities around the world had experienced at least one cyberattack within the previous year that caused a shutdown or loss of operation data. Only 42% of respondents — those responsible for OT cybersecurity — said their cyber readiness was high, and only 31% said their readiness to respond to or to contain a breach was high. Smaller organizations were much less confident about their ability to take action.




Our survey found the more integrated IT, OT, IoT and physical systems are, the greater the degree of security, but because they are so integrated, these systems are more vulnerable to attack.

~ said Carcano


Since last year, a growing number of known threat groups have been specifically targeting electric utilities in North America, according to a January report from ICS/OT cybersecurity firm Dragos. In February, IT/OT cybersecurity firm Claroty discovered a new vulnerability related to the notorious Industroyer malware, used in the 2016 attack on the Ukraine power grid. Especially disturbing, the new vulnerability allows a DoS (denial-of-service) attack against protection relays used in electrical substations.

A report Claroty published in March found that a clear majority of IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise. That’s consistent among respondents in the U.S., the UK, Germany, France and Australia.



What’s less consistent is the gloomier outlook U.S. respondents have compared to their international counterparts about how much protection is still needed: more than half say U.S. critical infrastructure is vulnerable to attacks, versus 40% of international respondents. But all respondents agreed that electric power is by far the most vulnerable sector.

Although some responses vary between domestic and international cybersecurity pros, “They’re more alike than they are different,” Claroty’s co-founder and chief business development officer, Galina Antova, told EE Times. “There are some differences based on the vertical sectors, but even within them, a lot depends on the maturity of the security team. At the end of the day, what counts is the maturity of the security systems that team is implementing. On average, U.S. companies are ahead in the security curve when it comes to awareness and starting the implementation steps.”


In the last three years, more companies have become actively engaged in implementing OT cybersecurity, said Antova. Organizational changes that give responsibility for OT security to the chief information security officer will mean that necessary alignments between IT and OT teams happen faster, and these are happening faster in the U.S. than in Europe. However, local legal structures also play a part. For example, in some verticals in Europe, the head of production for certain types of facilities has legal responsibility for the cybersecurity of those facilities, so there are some stricter regulations in Europe compared to the US. The joint survey by OT and IoT cybersecurity company Nozomi Networks and Newsweek Vantage interviewed C-level executives at critical infrastructure companies in North America, Europe, and the Asia/Pacific region. It found that 85% of respondents had experienced security incursions into OT networks. Of those, 36% began as incursions in IT or data systems and 32% were physical incursions into OT systems.



Spotlight

Retail IT environments face an unprecedented level of technological change. Stores have more requirements, and customers expect both performance and security when using in-store services. Retail organizations also face organized and well-funded hackers that prey on any weakness in networks and point-of-sale (POS) systems. The unfortunate result of many attacks is the theft of credit card and other customer data. This white paper summarizes the challenges that retail networks are confronting and describes a Cisco® security solution that provides effective, up-to-date, dependable protection: Cisco Cloud Web Security (CWS).

Related News

DATA SECURITY

Global VM Market Sees Strong Growth Due to Rise in Cyber Threats, Finds Frost & Sullivan

Frost & Sullivan | October 07, 2021

Frost & Sullivan's recent analysis on the Global Vulnerability Management Market finds that enterprises are becoming more vulnerable to cyber-attacks as they embrace digital transformation initiatives. This is due to an expanded attack surface resulting from multiple touchpoints through an open network and easy accessibility to databases and applications. An expanded attack surface has triggered the need for greater investments in vulnerability management (VM) solutions. Given this demand, the global VM market is expected to reach $2.51 billion by 2025, expanding at a compound annual growth rate (CAGR) of 16.3%.

From a regional perspective, North America will continue to dominate the VM market over the forecast period. The recent executive order to improve US cybersecurity is one of the main demand drivers in the region. Europe, the Middle East, and Africa (EMEA) will be the second-largest VM market as a result of regulations such as the General Data Protection Regulation (GDPR). Finally, the growing significance of cybersecurity among end-users and rapid digital transformation initiatives encourage organizations to embrace VM in APAC and Central and Latin America.

"The COVID-19 pandemic and the resulting work-from-home economy have expanded organizations' attack surface. With organizations adjusting to a new mode of business operations, VM capabilities for emerging platforms and applications will gain traction. In addition, as businesses embrace network-attached endpoints, cloud-based applications, and connected devices, the need for managing vulnerabilities in the extended attack surface will surge," said Swetha R Krishnamoorthi, Senior Industry Analyst, Cybersecurity at Frost & Sullivan.

Swetha added: "Organizations' move toward holistic and focused security will encourage vendors to integrate capabilities from upstream, downstream, and alternative applications. Over the next decade, there will also be a likely emergence of an 'integrated security posture assessment tool' that provides end-to-end risk management for enterprises."

Increased threats amid higher numbers of connected devices and regulatory requirements for organizations to perform regular vulnerability scanning and remediation will present lucrative growth prospects for VM vendors, including:

  • Addressing end-to-end vulnerability management workflow through an integrated platform by having an extensive list of integrations that enable an organization to pull in data from different tools and trigger workflows on other platforms from a single pane of glass.

  • Focusing on emerging economies and identifying local distribution partners and value-added resellers to boost expansion initiatives in emerging markets.

  • Leveraging managed security service providers (MSSPs) as a revenue source to expand the customer base by developing a separate pricing model that works well for both MSSPs and customers, ensuring profitability.

  • Expanding asset-type coverage to a non-conventional environment through strategic partnerships or inorganic deals with operational technology security vendors to hasten the acquisition of capabilities and achieve growth.

Global Vulnerability Management Market, Forecast to 2025 is the latest addition to Frost & Sullivan's Information & Communication Technology research and analyses available through the Frost & Sullivan Leadership Council, which helps organizations identify a continuous flow of growth opportunities to succeed in an unpredictable future.

About Frost & Sullivan

For six decades, Frost & Sullivan has been world-renowned for its role in helping investors, corporate leaders and governments navigate economic changes and identify disruptive technologies, Mega Trends, new business models, and companies to action, resulting in a continuous flow of growth opportunities to drive future success.


Netenrich Announces an Integrated Threat and Attack Surface Intelligence Offering to Help Enterprises Reduce Their Digital Brand Exposure

Netenrich | July 31, 2020

Netenrich, a Resolution Intelligence company, today announced an integrated Threat and Attack Surface Intelligence offering to help enterprises reduce their digital brand exposure while overcoming skills gaps. Two new products, Knowledge Now (KNOW), a free global threat intelligence tool, and Attack Surface Intelligence (ASI) combine to deliver rich, actionable context for faster, more proactive response to known and emerging cyber threats. KNOW and ASI address growing risk and alert fatigue that IT and SecOps professionals face on a daily basis. ASI lets security teams continuously see what adversaries see as they target brand exposure and shadow IT vulnerabilities. KNOW provides global threat information that lets analysts learn about, search, and gain rich context into malicious activity up to 15x faster.


DATA SECURITY

Untangle Taps Brigantia Partners To Grow SMB Security Distribution in the UK

Untangle | August 10, 2021

Untangle Inc., a leader in comprehensive network security for small-to-medium businesses (SMBs) and distributed enterprises, today announced a partnership with Brigantia Partners to support its successful award-winning SMB security solutions in the United Kingdom.

According to the latest Untangle SMB IT Security Report, 45% of businesses indicated that they have adjusted or reevaluated their IT security roadmap based on recent security breaches and ransomware attacks. As the threat of cyberattack continues to grow, SMBs' demands require a multi-layer approach to security which includes comprehensive support and services. This strategic partnership with Brigantia empowers a new market of SMBs with protection, visibility and control across their entire digital attack surface.

"Our partnership with Brigantia will enable us to reach MSPs with specific needs that Brigantia understands," said Scott Devens, CEO at Untangle. "Brigantia has a deep understanding of IT Managed Services within the UK, and together with Untangle, will be able to provide the best in class products, support and services. Untangle is energized by Brigantia's approach to building their UK business and we look forward to a successful partnership where we grow together."

Brigantia is an award-winning, value-added managed services distributor providing comprehensive, cost-effective IT solutions. The company has three distinct business areas designed to add maximum value to its reseller, MSP, MSSP and consultant partners' businesses: Brigantia Distribution, Brigantia Consulting, and Brigantia Enhance. Through its partnership with Untangle, customers now benefit from a robust product stack that offers comprehensive security with deep analysis and insights, network orchestration, reliable connectivity and network performance.

"After years of searching for a next-generation firewall solution that is clearly aimed at the SME and MSP marketspace, Brigantia Partners is excited to be launching the award-winning range from Untangle," said Martin Wright, Managing Director at Brigantia Partners Limited. "With this new addition to our portfolio, we are providing our partners with an enterprise-level firewall and VPN solution that is simple to deploy and manage, while also fitting into SME budgets."

Untangle leverages a fully cloud-supported console that provides day-to-day analysis and an alert system to ensure that customers are alerted to any malicious activity. With MSPs now empowered by NG Firewall, which offers highly customizable protection and robust filtering capabilities, customers can now ensure they receive the full advanced protection of the Untangle Network Security Framework.

Brigantia and Untangle share the same commitment to supporting SMBs and distributed organizations against cyber attacks. Working in tandem with the Untangle SD-WAN product line, Brigantia can offer end users a homogeneous, professional solution for SMEs with multiple locations. To learn more, please visit www.brigantia.com.

About Untangle

Untangle is an innovator in cybersecurity designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations. Untangle's integrated suite of software and appliances provides enterprise-grade capabilities and consumer-oriented simplicity to organizations with limited IT resources. Untangle's award-winning network security solutions are trusted by over 40,000 customers around the world. Untangle is headquartered in San Jose, California.

