Cyberattacks on Critical Infrastructures Witness Sharp Rise During the Pandemic

CISA | June 05, 2020

  • The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure.

  • CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.

  • IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise.


The coronavirus pandemic has spawned a huge increase in cyberthreats and attacks. While much of this is aimed at consumers, a lot has also targeted companies whose employees must now access critical infrastructure, such as industrial control systems (ICS) and operational technology (OT) networks, from home.But that critical infrastructure, which keeps modern society going even during a pandemic, is seriously under-protected against cyberattacks, say recent reports from cybersecurity companies.“Critical infrastructure” means more than the obvious utility companies, water systems, and transportation networks. In defining essential workers during Covid-19-related lockdowns, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) lists 16 categories of critical infrastructure.


Last month, CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security. These attacks have been building for some time. A Siemens/Ponemon Institute study last October found that 56% of gas, wind, water and solar utilities around the world had experienced at least one cyberattack within the previous year that caused a shutdown or loss of operation data. Only 42% of respondents — those responsible for OT cybersecurity — said their cyber readiness was high, and only 31% said their readiness to respond to or to contain a breach was high. Smaller organizations were much less confident about their ability to take action.



Read more: CISCO'S 6 UNPATCHED INTERNAL SERVERS COMPROMISED

Our survey found the more integrated IT, OT, IoT and physical systems are, the greater the degree of security, but because they are so integrated, these systems are more vulnerable to attack.

~ said Carcano


Since last year, a growing number of known threat groups have been specifically targeting electric utilities in North America, according to a January report from ICS/OT cybersecurity firm Dragos. In February, IT/OT cybersecurity firm Claroty discovered a new vulnerability related to the notorious Industroyer malware, used in the 2016 attack on the Ukraine power grid. Especially disturbing, the new vulnerability allows a DOS (denial of service) attack against protection relays used in electrical substations. A report Claroty published in March found that a clear majority of IT security professionals are much more worried about cyberattacks on critical infrastructure than they are about data breaches in the enterprise. That’s consistent among respondents in the U.S., the UK, Germany, France and Australia.

CISA published a set of cybersecurity best practices for ICS, which the agency acknowledges are important for supporting critical infrastructure and maintaining national security.


What’s less consistent is the gloomier outlook U.S. respondents have compared to their international counterparts about how much protection is still needed: more than half say U.S. critical infrastructure is vulnerable to attacks, versus 40% of international respondents. But all respondents agreed that electric power is by far the most vulnerable sector. Although some responses vary between domestic and international cybersecurity pros, “They’re more alike than they are different,” Claroty’s co-founder and chief business development officer Galina Antova, told EE Times. “There are some differences based on the vertical sectors, but even within them, a lot depends on the maturity of the security team. At the end of the day, what counts is the maturity of the security systems that team is implementing. On average, U.S. companies are ahead in the security curve when it comes to awareness and starting the implementation steps.”


In the last three years, more companies have become actively engaged in implementing OT cybersecurity, said Antova. Organizational changes that give responsibility for OT security to the chief information security officer will mean that necessary alignments between IT and OT teams happen faster, and these are happening faster in the U.S. than in Europe. However, local legal structures also play a part. For example, in some verticals in Europe, the head of production for certain types of facilities has legal responsibility for the cybersecurity of those facilities, so there are some stricter regulations in Europe compared to the US. The joint survey by OT and IoT cybersecurity company Nozomi Networks and Newsweek Vantage interviewed C-level executives at critical infrastructure companies in North America, Europe, and the Asia/Pacific region. It found that 85% of respondents had experienced security incursions into OT networks. Of those, 36% began as incursions in IT or data systems and 32% were physical incursions into OT systems.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

What Gartner calls "the new threat landscape" is more than just a clever metaphor, it describes a new era of cyber threats aimed at outmaneuvering any security solutions that get in their way. As today's highly publicized data breaches illustrate, the threats launched by these sophisticated cyber criminals seem to be paying off. In spite of this, the picture is not entirely bleak. New, innovative technologies are emerging that incorporate multiple security capabilities designed to increase your chances of keeping threats away from your network, and reducing data exfiltration, should advanced evasion techniques (AETs) allow a piece of malware to get past your gateway security.

Spotlight

What Gartner calls "the new threat landscape" is more than just a clever metaphor, it describes a new era of cyber threats aimed at outmaneuvering any security solutions that get in their way. As today's highly publicized data breaches illustrate, the threats launched by these sophisticated cyber criminals seem to be paying off. In spite of this, the picture is not entirely bleak. New, innovative technologies are emerging that incorporate multiple security capabilities designed to increase your chances of keeping threats away from your network, and reducing data exfiltration, should advanced evasion techniques (AETs) allow a piece of malware to get past your gateway security.

Related News

SOFTWARE SECURITY

Foresite Cybersecurity Begins XDR & Compliance Platform

Foresite Cybersecurity | June 02, 2022

Foresite Cybersecurity, a leading cybersecurity and compliance provider, announced today that it is transitioning from technical services to a product-led Open XDR SaaS platform. The platform will provide a distinct edge for mid-market enterprises by allowing them to consolidate security data from several sources into a single spot to acquire a holistic view of their security and policy compliance maturity. "Our strategy is to provide our customers with an open, extensible platform to enable them to understand their risk and compliance posture. The ProVision Open XDR platform will deliver on the single vision of our customers security posture, allowing not only discovery, response, and remediation, but also providing real-time risk and maturity scores." Matt Gyde, Chairman and CEO of Foresite Cybersecurity Mid-market organizations have battled for years to achieve adequate cybersecurity due to a lack of in-house experience or funding, with many not understanding where to start. The growing trend of remote employment has only made things more complicated. Duane Shugars, Foresite Cybersecurity Chief Technology Officer said that "The market demanded an easier, more simplified model to be protected from cyberattacks and compliant to support business supply chain requirements. We are developing our Open XDR platform to easily absorb all log data, use advanced data science techniques, proprietary machine learning and natural language models, and supply chain illumination to simplify cybersecurity, maturity and compliance." ProVision Open XDR is a cloud-native platform that will be available in Q3 2022 and will employ machine learning to enable insight across the whole IT ecosystem. In the case of an attack, the vendor-agnostic platform allows any cybersecurity technology in the customer's ecosystem, including firewalls, EDR, NDR, and many more, to monitor events, resulting in quicker remediation and reduced economic damage.

Read More

PLATFORM SECURITY

Uptycs Unveils Advanced Container and Kubernetes Capabilities

Uptycs | May 27, 2022

Uptycs, the first cloud-native security analytics platform that enables both cloud and endpoint security from a single platform, today unveiled expanded container and Kubernetes security posture management (KSPM) features for its cloud workload protection platform (CWPP). These features enable real-time identification of containerized workloads, proactive scanning of container images in the CI/CD pipeline, constant compliance monitoring, and Kubernetes security policy audit and enforcement. According to Gartner, by 2026, over 90% of the world's enterprises will be operating containerized apps in production, up from less than 40% currently. Businesses, on the other hand, struggle to manage and maintain these transitory assets. Misconfigurations in the control plane and insecure policies at the single container layer are used by attackers to escalate permissions, conduct container escapes, and compromise nodes for executing code. "Organizations are rapidly scaling their Kubernetes environments and seeing tremendous gains in optimization, availability, and developer productivity, but too often Security teams are left playing catch up. With telemetry from Kubernetes systems supported by our analytics platform, Security teams know immediately what resources they have and the security posture of those resources—across public and private clouds, scaling to tens of thousands of pods. Combined with our industry-leading container security capabilities, this gives Security teams confidence that they have the proper controls in place to minimize risk while enabling innovation." Ganesh Pai, CEO and Co-founder of Uptycs Uptycs offers both fully managed (AWS EKS, Azure AKS, Google GKE) and self-managed Kubernetes environments, such as VMware Tanzu and Google Anthos. Uptycs contains a range of container runtimes (Docker, containerd, CRI-O). The latest KSPM capabilities offered by the Uptycs platform are now readily accessible and will be shown at the 2022 RSA Conference (booth #435) from June 6-9. Learn more about the Uptycs container and Kubernetes security service by visiting the Uptycs blog.

Read More

SOFTWARE SECURITY

Zscaler Advances Cybersecurity and UX with New AI/ML Capabilities

Zscaler | June 23, 2022

Zscaler, Inc., the global leader in cloud security, unveiled today new breakthrough AI/ML innovations driven by the world's largest security cloud for unsurpassed user protection and digital experience monitoring. The new capabilities expand Zscaler's Zero Trust Exchange security platform, allowing companies to implement a Security Service Edge (SSE) that safeguards against the most advanced cyberattacks while providing an outstanding digital experience to users and easing zero trust architecture adoption. Cyberattacks on encrypted internet traffic have increased 314%, ransomware has increased 80%, and double extortion attacks have increased roughly 120%. Phishing is also on the rise, with businesses such as finance, government, and retail experiencing yearly increases in assaults of more than 100% in 2021. Organizations must adjust their defenses to real-time risk changes in order to battle growing threats. However, lean IT and security teams are facing security alert fatigue as they become more exposed to real-time attacks, and they frequently lack the resources and capabilities to adequately analyze and respond to the rising amount of threats. Zscaler is tackling these difficulties by offering one-click root cause analysis to rapidly identify the issues causing bad digital experiences, freeing up IT and security teams from debugging and allowing them to focus on preventing attacks. AI-powered security assists IT workers by automating threat detection in order to provide better and quicker protection. “Cybercriminals are using AI, automation, and advanced techniques to train machines to hack or socially engineer victims faster than ever before. To help our customers combat these escalating techniques, we’ve dramatically advanced AI and machine learning in our cloud to take advantage of our massive data pool, giving our customers granular real-time risk visibility and a solution to combat attackers that no other security vendor can provide.” Amit Sinha, President, Zscaler “Delivering seamless digital experiences, from employee devices to the applications they need, goes hand in hand with securing our sensitive business applications and data, no matter where it resides. Zscaler’s integrated cloud platform helped us effortlessly adopt a zero trust architecture, reduce risk, accelerate our digital transformation, and achieve business goals.” said Darren Beattie, Modern Workplace and Security Operations Manager at Auckland New Zealand-headquartered Tower Limited. “With Zscaler’s AI-powered Zero Trust platform based on a SSE framework, we are able to augment and expand the reach of our IT and security team to stop the growing frequency of advanced cyberattacks. The threat landscape is constantly evolving, and these new AI capabilities will effectively enable us to see real-time changes in risk, automate our response process, and stay ahead of the attackers,” said Stephen Bailey, Vice President of Information Technology at Cache Creek Casino Resort.

Read More