The sudden shutdowns of transport systems or power grids that we are familiar with from Hollywood blockbusters have become real-world possibilities, threatening the lives and livelihoods of millions.
Don’t take my word for it – it was one of the boasts made by the individual or team that claimed responsibility for last November’s cyber-attack on the MUNI transport system in San Francisco. In this attack, ransomware disabled ticket machines across the city over Thanksgiving weekend, leaving the rail network with little choice but to let passengers ride for free. Data was also encrypted on the transport network’s internal systems, with a ransomware note appearing on screens.
Thankfully, the rail network was able to overcome all the obstacles without paying the ransom, although the network had to miss out on a weekend’s revenue.
Only a few months before the San Francisco attack, Hollywood’s own Presbyterian Medical Center was targeted by vicious ransomware and a couple of months prior to that, parts of the Ukrainian power grid were attacked, cutting off power to thousands of vulnerable people in a state coping with a bitter insurgency.
These attacks come uncomfortably close to Hollywood’s fraught portrayals, and unfortunately, almost every country’s critical national infrastructure (CNI) is now under constant attack from criminals.
Opportunities for network penetration have grown as the Internet of Things has expanded, with large infrastructure organisations now operating a huge number of internet-connected devices that criminals can attack or subvert. This extends the security border of any infrastructure organisation way beyond its physical boundaries.
Compounding this risk are the twin forces of IT conservatism and lack of investment which leave many organisations using outdated operating systems and reliant on old-fashioned AV security.
What is especially worrying is that most of these organisations still fail to appreciate the huge dangers presented by emails. It only takes one employee to click open an everyday file-type in an email attachment and an entire city can be brought to its knees as code hidden in the structure of a document downloads malware to commence a full-scale attack.
The lethal dangers lurking in everyday email attachments are constantly overlooked. More than 90 per cent of successful cyber-attacks begin with someone clicking open an email attachment. A million new types of malware are found on a daily basis, but governments and their agencies seem happy to carry on as if nothing has changed in the last decade, relying on creaking old anti-virus detection that can never keep up with the inventiveness of cyber criminals.
While new forms of malicious code are being written every minute, social engineering has also become hugely sophisticated, making it difficult for busy employees to resist clicking open an email that appears to be legitimate.
It is because hackers have such advanced capabilities and because traditional perimeter security solutions are increasingly inadequate, that national infrastructure operators must turn towards innovation to bridge their yawning cyber security gaps. They cannot rely on governments or official bodies to solve the problem for them – it requires action now.
Technologies such as Content Disarm and Reconstruction (CDR) are already well-developed and tested and will combat threats such as malicious email attachments. There is no possibility that an organisation can ban the use of email attachments – they are what every business depends on. It just takes a more forward-thinking attitude to technological innovation, and critical infrastructure organisations can protect themselves and the rest of us much more effectively.