The profile of cyber security in general has been raised to a record high in the last couple of years, with instances such as the WannaCry ransomware attack hitting headlines globally. While ordinary people may be more familiar with basic terms and precautions, is there any real fear associated with malicious cyber activity? With attacks on critical infrastructure increasing, we should be very concerned.
While being tricked by a phishing attack or getting a computer virus is extremely annoying and sometimes costly, for most people it still exists in the non-physical cyber world and can be forgotten about. However, cyber attacks that target and are able to impact critical infrastructure are very real, and have already been used to effect.
Hackers have become more formidable, while much of the world’s core infrastructure continues to use legacy technology when carrying out vital processes; this in many cases leaves the door wide open to even simplistic forms of cyber attack.
A new form of malware comparable to the Stuxnet attack that was designed for infrastructure has recently been discovered; it is called Industroyer. The malware is able to take direct control of electricity substation circuit breakers using industrial communication protocols, which means that power stations, transportation control systems, and water and gas plants are all potential targets.
We are undoubtedly set to see more of these frightening attacks in future, but in this list we are going to reflect on some of the most high-profile examples of cyber attacks on critical infrastructure around the world.
Ukrainian Power Outages
In December 2015 a massive power outage hit Ukraine, and it was found to be the result of a supervisory control and data acquisition (SCADA) cyber attack. This instance left around 230,000 people in the west of the country without power for hours.
The seed of this chaos was sown using spear phishing emails, a low-tech approach to launching such an attack; this trend is relevant today, with phishing still being used against critical infrastructure. Awareness of these risks is a major factor in whether these simplistic approaches succeed.
Precisely a year after this attack, another attack hit the country, this time targeting the Pivnichna substation near Kiev and causing an hour-long blackout in the surrounding area. The significance of this attack was that it led people to question whether these attacks were practice for something still more powerful.
Eugene Kaspersky, cybersecurity expert and CEO of Kaspersky Lab, issued a warning to the world that we could be on the brink of turmoil, with hackers closing in on the features of critical infrastructure.
Rye Brook, New York Dam Attack
This example involves a different attack target, a small dam in Rye Brook, New York. This insignificant construct became the focal point of a serious nation-state concern, as the U.S. Justice Department claimed that it was an Iranian attack on U.S. infrastructure.
Hackers succeeded in accessing the core command-and-control system, and they only used a cellular modem to do so. Although the attack hit in 2013, it was not reported on until 2016.
The move to attack the infrastructure of another nation, with the intention to potentially commandeer it, is extremely frightening, and potentially a foreboding sign of the future of warfare. This particular example marks the first serious attack of its kind.
A link can be made between this example and another potential industrial cyber risk that CBR learned about from Jerry Dixon, ex-Homeland Security and the CISO at CrowdStrike. He told us that Georgia Tech had carried out an experiment to see whether a water plant could be hacked and controlled to ramp up the chlorine in the water; the mock attackers were successful.
SWIFT global bank messaging system
Spanning 2015 and 2016, the SWIFT global messaging system, which is used by banks to move money around the world, was used by hackers from North Korea. While this example does not pertain to the more visual examples of water and power, it can still prove absolutely crippling.
These successful attacks resulted in millions of dollars being stolen. The attack was linked back to a group called Lazarus who had links to North Korea. If the blame is rightly on North Korea, this instance would mark the first example of a cyberattack from a nation-state that targeted funds; still a very damaging attack.
Attackers were able to find vulnerabilities in the defences of banks and use them to access their systems and ultimately gain access to their legitimate SWIFT credentials.
U.S. nuclear power plants
Very recently The New York Times released news of a joint report from the FBI and Homeland Security regarding cyber attacks on a number of nuclear power plants across the country.
The only plant named in the news was the Wolf Creek Nuclear Operating Corporation, based in Kansas. Motives for the attacks were not detailed, nor was the severity of the attacks.
It was strongly indicated, however, that spear phishing was the method by which the attacks were made: an extremely simple attack that was used to target individuals who had access to the critical controls of the plant.
Infected email attachments are being used to great effect, despite being regarded as perhaps the least complex attack. The success of this method points to low levels of general awareness, with cyber security conduct also dangerously lacking, even in an environment with the highest potential risks.
The danger associated with nuclear power plants is high anyway, even before the added risk of a potential enemy of the state assuming control of such a facility. With such attacks on the increase, it could be the case that we are seeing an intention from nation-state threat actors to weaponise our own critical infrastructure against us.
UK attacks on energy sector
The news emerged today in a report from the UK’s Government Communications Headquarters (GCHQ), and more specifically the National Cyber Security Centre (NCSC), that hackers are targeting the UK energy sector. So far the report has only been seen by Motherboard.
This incident is highly relevant to the previous instance on our list from the United States, and is indicative of the forewarned growing trend of cyber attacks in these spaces. The nature of recent news will lead many to consider that there was a nation-state influence behind the attacks.
At the core of the report it is said that ‘industrial control system organizations are likely to have been successfully compromised.’ As in the comparable U.S. incident, no speculation about the motivations behind the attacks was included.
Motherboard was told by the CEO of security firm Dragos, Robert M. Lee, that “Targeted intrusions into civilian infrastructure is only increasing and only becoming more worrisome.” This warning is congruent with the one previously issued by expert Eugene Kaspersky.
Eugene Kaspersky issued a stark warning at the beginning of this year pertaining to this concerning, growing trend. He places major importance on tackling this huge threat, warning that a global blackout could be a consequence if we do nothing. He said: “As we increasingly depend on technology as the backbone of our civilization, we need to ensure our critical infrastructure is built upon a robust architecture that is not only secure, but immune. If we don’t adopt a security first approach, we will face a very uncertain future.”