Cyberattacks against infrastructure


Once a cyberattack has been initiated, certain targets need to be attacked to cripple the opponent. Certain infrastructures have been highlighted as critical in times of conflict because attacking them can severely cripple a nation: control systems, energy resources, finance, telecommunications, transportation, and water facilities are seen as critical infrastructure targets during conflict. A report on industrial cybersecurity problems, produced by the British Columbia Institute of Technology and the PA Consulting Group using data going back to 1981, reportedly found a 10-fold increase in the number of successful cyberattacks on infrastructure Supervisory Control and Data Acquisition (SCADA) systems since 2000. [1] Cyberattacks that have an adverse physical effect are known as cyber-physical attacks. [2]


Control systems

Control systems are responsible for activating and monitoring industrial or mechanical controls. Many devices are integrated with computer platforms to control valves and gates in physical infrastructure. Control systems are usually designed as remote telemetry devices that link to other physical devices through internet access or modems. Little security can be offered when dealing with these devices, enabling hackers or cyberterrorists to seek out systematic vulnerabilities. Paul Blomgren, manager of sales engineering at a cybersecurity firm, explained how his people drove to a remote substation, saw a wireless network antenna and immediately plugged in their wireless LAN cards. They took out their laptops and connected to the system because it wasn't using passwords. "Within 10 minutes, they had mapped every piece of equipment in the facility," Blomgren said. "Within 15 minutes, they mapped every piece of equipment in the operational control network. Within 20 minutes, they were talking to the business network and had pulled off several business reports. They never even left the vehicle." [3]
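The telemetry protocols on such networks usually carry no authentication field at all, so the only wire-level control left to a defender is which hosts are allowed to issue commands. The following is an added example (not code from the cited assessment or from any vendor) that assumes the telemetry protocol is Modbus/TCP, which the page itself does not name; the frames, addresses and engineering-host allowlist are constructed for illustration. It parses the MBAP header, recognises the function codes that change process state, and flags any write that does not come from an allowlisted engineering workstation:

```python
"""Flag unauthenticated Modbus/TCP write requests seen on a control network.

Added example (not from the cited report or any vendor). Assumes Modbus/TCP
as the telemetry protocol; frames, addresses and the allowlist are constructed.
"""
import struct
from dataclasses import dataclass

# Function codes that change process state. Modbus has no authentication
# field: whoever can reach TCP/502 on the device can send these.
WRITE_FUNCTIONS = {
    0x05: "write single coil",
    0x06: "write single register",
    0x0F: "write multiple coils",
    0x10: "write multiple registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: int     # first coil/register the request touches
    payload: bytes   # remaining data bytes after the address


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header and the PDU that follows it."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"not Modbus (protocol id {proto})")
    if length != len(frame) - 6:  # MBAP length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    function = frame[7]
    # Every request type used here begins its data with a 16-bit address.
    address = struct.unpack(">H", frame[8:10])[0] if len(frame) >= 10 else 0
    return ModbusRequest(tid, unit, function, address, frame[10:])


def build_request(tid: int, unit: int, function: int, address: int, data: bytes) -> bytes:
    """Build a Modbus/TCP request frame (used here only to construct samples)."""
    pdu = bytes([function]) + struct.pack(">H", address) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def audit(flows, engineering_hosts):
    """flows: iterable of (src_ip, raw_frame). Returns a list of alert strings.

    Because the protocol cannot authenticate the sender, the only check that
    can be made on the wire is whether the *source* is allowed to write.
    """
    alerts = []
    for src, frame in flows:
        try:
            req = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append(f"{src}: malformed frame ({exc})")
            continue
        if req.function in WRITE_FUNCTIONS and src not in engineering_hosts:
            alerts.append(
                f"{src}: {WRITE_FUNCTIONS[req.function]} to unit {req.unit_id} "
                f"address {req.address} from non-engineering host"
            )
    return alerts


# Constructed traffic: a read and a write from the engineering workstation,
# then a coil write from an unknown host that joined via the open wireless segment.
ENGINEERING_HOSTS = {"10.10.1.5"}
SAMPLE_FLOWS = [
    ("10.10.1.5", build_request(1, 1, 0x03, 0x0000, struct.pack(">H", 10))),
    ("10.10.1.5", build_request(2, 1, 0x06, 0x0010, struct.pack(">H", 1200))),
    ("10.10.9.77", build_request(3, 1, 0x05, 0x0001, b"\xff\x00")),  # energise coil 1
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS, ENGINEERING_HOSTS):
        print(line)
```

Run against a span port or a pcap decoded into (source, frame) pairs, this produces one alert for the third sample. The allowlist is a stop-gap: it does nothing against a compromised engineering host, which is why segmenting the wireless network away from the control network matters more than any detection rule.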

Energy

Energy is seen as the second infrastructure that could be attacked. [4] It is broken down into two categories, electricity and natural gas. Electricity, delivered over electric grids, powers cities, regions, and households, as well as the machines and other mechanisms used in day-to-day life. Using the US as an example, in a conflict cyberterrorists can access data through the Daily Report of System Status, which shows power flows throughout the system, and can pinpoint the busiest sections of the grid. By shutting those sections down they can cause mass hysteria, backlog, and confusion, and can also locate critical areas of operation for further, more direct attacks. Cyberterrorists can access instructions on how to connect to the Bonneville Power Administration, which direct them on how to avoid faulting the system in the process. This is a major advantage for attackers: foreign attackers with no prior knowledge of the system can attack with high accuracy and without drawbacks. Cyberattacks on natural gas installations go much the same way as attacks on electrical grids. Cyberterrorists can shut down these installations, stopping the flow, or even reroute gas flows to another section occupied by one of their allies. In one case in Russia, the gas supplier Gazprom lost control of its central switchboard, which routes gas flow, after an inside operator and a Trojan horse program bypassed security. [3]

The 2021 Colonial Pipeline cyberattack caused a sudden shutdown of the pipeline that carried 45% of the gasoline, diesel, and jet fuel consumed on the East Coast of the United States.

Wind farms, both onshore and offshore, are also at risk from cyber attacks. In February 2022, a German wind turbine maker, Enercon, lost remote connection to some 5,800 turbines following a large-scale disruption of satellite links. In April 2022, another company, Deutsche Windtechnik, also lost control of roughly 2,000 turbines because of a cyber-attack. While the wind turbines were not damaged during these incidents, these attacks illustrate just how vulnerable their computer systems are. [5]

Finance

Financial infrastructure could be hit hard by cyberattacks because the financial system is linked by computer systems. [6] Money is constantly being exchanged in these institutions; if cyberterrorists were to attack, rerouting transactions and stealing large amounts of money, financial industries would collapse and civilians would be left without jobs and security. Operations would stall from region to region, causing nationwide economic degradation. In the U.S. alone, the average daily volume of transactions hit $3 trillion, and 99% of it is non-cash flow. [3] Disrupting that volume of money for one day or for a period of days can cause lasting damage, making investors pull out of funding and eroding public confidence.

A cyberattack on a financial institution or on transactions may be referred to as a cyber heist. These attacks often start with phishing that targets employees, using social engineering to coax information from them. If successful, the phishing lets attackers get into the network and install keyloggers on the accounting systems, from which they eventually harvest passwords and keys. The organization's bank accounts can then be accessed with the credentials the keyloggers captured. [7] In May 2013, a gang carried out a US$40 million cyber heist from the Bank of Muscat. [8]

Transportation

Transportation infrastructure mirrors telecommunication facilities: by impeding transportation for individuals in a city or region, the economy will slowly degrade over time. Successful cyberattacks can impact scheduling and accessibility, creating a disruption in the economic chain. Carrying methods will be impacted, making it hard for cargo to be sent from one place to another. In January 2003, during the "Slammer" worm outbreak, Continental Airlines was forced to shut down flights due to computer problems. [3] Cyberterrorists can target railroads by disrupting switches, target flight software to impede airplanes, and target road usage to impede more conventional transportation methods. In May 2015 it emerged that Chris Roberts, a cyber consultant, had told the FBI that from 2011 to 2014 he had allegedly and repeatedly hacked into the controls of Boeing and Airbus flights via the onboard entertainment system, and had at least once ordered a flight to climb. The FBI, after detaining him in April 2015 in Syracuse, interviewed him about the allegations. [9]

Water

Water as an infrastructure could be one of the most critical infrastructures to be attacked. It is seen as one of the greatest security hazards among all of the computer-controlled systems. There is the potential for massive amounts of water to be unleashed into an unprotected area, causing loss of life and property damage. Water supplies themselves could be attacked, and sewer systems can be compromised too. No calculation of the cost of damages was given, but the estimated cost of replacing critical water systems could be in the hundreds of billions of dollars. [3] Most of these water infrastructures are well developed, making it hard for cyberattacks to cause significant damage; at most, equipment failure can occur, causing short-lived service disruptions.

In 2024, multiple US water facilities had their industrial equipment compromised by hackers, who used it to display anti-Israel messages. Although no major damage was inflicted, the incidents revealed that US water facilities lack the funding and resources to patch security vulnerabilities in their infrastructure. [10]

Waste management

In addition to water facilities, waste management facilities can also be and have been targets of cyberattacks.

In 2023, Radioactive Waste Management (RWM), a company owned by the United Kingdom government, was the target of an unsuccessful attempt to breach its security via LinkedIn. The attackers tried to identify and gain access to people within the business. [11]

In 2023, Sellafield, the UK's largest and most hazardous nuclear waste site, was reported to have been targeted by foreign hackers linked to Russia and China. Sleeper malware was discovered inside the site's networks, and it is unknown how long it had been installed or whether it had been fully removed. The full extent of the weak security was exposed when staff found they could access Sellafield's servers from outside the site. Reports in 2012 and 2015 found that the company and senior management had been aware of the security vulnerabilities but failed to report them or to spend resources on addressing them. Sellafield's sensitive documents, such as emergency plans for a foreign attack or disaster and radioactive waste management records, may have been compromised. [12]

Smaller-scale electronics in e-waste can also become targets of cyberattacks. PwC estimates that by 2030 the number of Internet of Things (IoT) devices owned worldwide will exceed 25 billion, and that 70 million tonnes of e-waste will be generated and disposed of. Although the evidence is only anecdotal, the majority of this e-waste is thought to be improperly disposed of, so that components of these devices retain sensitive information and personal data. Cybercriminals may target the e-waste of individuals or organizations to gain access to sensitive data that is not as securely guarded as it is on active devices. [13]
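The reason discarded devices leak is that an ordinary "delete" removes only the filesystem's reference to a file, not the bytes on the medium. The following is an added example (not from the PwC report) that makes this visible on a constructed storage image with a toy directory block: a patient record is written, deleted the normal way, recovered by scanning the raw bytes, and then made unrecoverable by overwriting the whole image and verifying the result. The record, the SSN pattern and the image layout are all constructed for illustration.

```python
"""Data remanence on a discarded device: delete vs. sanitize.

Added example, not from the PwC report. The image, its toy directory layout
and the patient record are constructed for illustration.
"""
import re

BLOCK = 64            # toy block size in bytes
IMAGE_BLOCKS = 16     # block 0 is the directory, the rest hold file data
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")   # US SSN shape, for carving


def new_image() -> bytearray:
    return bytearray(BLOCK * IMAGE_BLOCKS)


def _dir_entries(img):
    """Directory block holds lines of name:start_block:length."""
    raw = bytes(img[:BLOCK]).rstrip(b"\x00")
    return [line.split(b":") for line in raw.split(b"\n") if line]


def _write_dir(img, entries):
    raw = b"\n".join(b":".join(e) for e in entries)
    if len(raw) > BLOCK:
        raise OSError("directory block full")
    img[:BLOCK] = raw.ljust(BLOCK, b"\x00")


def write_file(img, name: bytes, data: bytes):
    """Place the file after the highest block any live entry uses."""
    entries = _dir_entries(img)
    used_end = max([1] + [int(s) + (int(n) + BLOCK - 1) // BLOCK for _, s, n in entries])
    nblocks = (len(data) + BLOCK - 1) // BLOCK
    if used_end + nblocks > IMAGE_BLOCKS:
        raise OSError("image full")
    start = used_end * BLOCK
    img[start:start + len(data)] = data
    entries.append([name, str(used_end).encode(), str(len(data)).encode()])
    _write_dir(img, entries)


def delete_file(img, name: bytes):
    """What a normal delete does: drop the directory entry, leave the data blocks."""
    _write_dir(img, [e for e in _dir_entries(img) if e[0] != name])


def list_files(img):
    """What the device's own software shows after the delete: nothing."""
    return [e[0] for e in _dir_entries(img)]


def carve_ssns(img):
    """What a buyer of the discarded device does: ignore the filesystem, scan raw bytes."""
    return [m.group().decode() for m in SSN_RE.finditer(bytes(img))]


def verify_sanitized(img) -> bool:
    """Read-back check: every byte, directory included, must be zero."""
    return not any(img)


def sanitize(img) -> bool:
    """Overwrite the entire medium, then verify by reading it back.

    One pass is enough on a raw image. On real flash the controller remaps
    blocks behind the host's back, so use the drive's own sanitize command
    (ATA SECURE ERASE, NVMe Sanitize) or destroy the media, and verify afterwards.
    """
    img[:] = bytes(len(img))
    return verify_sanitized(img)


if __name__ == "__main__":
    img = new_image()
    write_file(img, b"patient.txt", b"Jane Doe, SSN 123-45-6789, 22 Elm St")   # constructed
    delete_file(img, b"patient.txt")
    print("files listed after delete:", list_files(img))
    print("SSNs carved from raw image:", carve_ssns(img))
    print("sanitized and verified:", sanitize(img), "| carved now:", carve_ssns(img))
```

The practical point is the last two calls: disposal procedures should end with a verification read of the medium, not with a delete or a format, because only the overwrite step changes what `carve_ssns` can find.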

Hospitals and Medical Facilities

Hospitals are among the major infrastructure assets to have been impacted by cyberattacks. These attacks could "directly lead to deaths." The cyberattacks are designed to deny hospital workers access to critical care systems. There has been a major increase in cyberattacks against hospitals amid the COVID-19 pandemic. Hackers lock up a network and demand a ransom to return access to these systems. The ICRC and other human rights groups have urged law enforcement to take "immediate and decisive action" to punish such cyber attackers. [14]

Hospitals and medical facilities have seen an increase in ransomware attacks in which criminals encrypt Protected Health Information (PHI) and other personally identifiable information. When the ransom is paid, the money is exchanged for a key to decrypt the information and, the attackers promise, for the return of the stolen data. [15] Access points into hospital infrastructure are often third-party companies to which hospitals contract work. The HIPAA Omnibus Rule of 2013 requires that every business contracted to perform work for a hospital in which patient information could be involved be held to the same security standards as the hospital. [16] An increasingly common access point is the camera and security systems being added to hospital networks. As more outside companies and devices are connected through the internet, the risk of cyberattacks increases. During the COVID-19 pandemic an increase in attacks was noted. Researchers concluded that this was the result of increased remote work, in which hospital staff had more devices connected to networks, enlarging the attack surface. [17] One tactic that has been effective in preventing cyberattacks in the healthcare industry is the Zero Trust model. In this model, all users, known and unknown, are viewed as potential threats, and everyone is required to verify their identity with the appropriate credentials before access is granted. [15]
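What Zero Trust changes in practice is the decision made on each request: being inside the hospital network no longer counts for anything, and every access must match an explicit rule for that identity, resource and action, from a device that passes a posture check. The following is an added example (not Vukotich's code or any hospital's actual policy) that evaluates the same constructed requests under a perimeter rule and under a Zero Trust rule. The roles, resources, address ranges and allow rules are constructed; they are chosen to mirror the access points the paragraph lists (a contractor account, a networked camera, remote staff):

```python
"""Per-request authorization: perimeter trust versus Zero Trust.

Added example, not Vukotich's code or any hospital's real policy. Roles,
resources, address ranges and the allow rules are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")     # constructed hospital LAN range
HUMAN_ROLES = {"clinician", "vendor"}   # roles that must present a second factor


@dataclass(frozen=True)
class Request:
    principal: str                  # user or device identity
    role: str                       # "clinician", "vendor", "camera", ...
    resource: str                   # "emr", "video-server", "hvac"
    action: str                     # "read" or "write"
    src_ip: str
    mfa: bool = False               # second factor presented for this session
    device_compliant: bool = False  # managed, patched, attested device


# Explicit allow rules as (role, resource, action). Anything not listed is denied.
ALLOW = {
    ("clinician", "emr", "read"),
    ("clinician", "emr", "write"),
    ("vendor", "hvac", "write"),          # the contractor's job, and only that
    ("camera", "video-server", "write"),  # cameras push video; they never read EMR
}


def perimeter_decision(req: Request) -> bool:
    """Castle-and-moat: a source inside the LAN is trusted for everything."""
    return ip_address(req.src_ip) in INTERNAL


def zero_trust_decision(req: Request):
    """Deny by default; network location grants nothing.

    Returns (allowed, reason). The request must match an explicit rule, come
    from a compliant device and, for human users, carry an MFA-verified identity.
    """
    if (req.role, req.resource, req.action) not in ALLOW:
        return False, "no allow rule for this role/resource/action"
    if not req.device_compliant:
        return False, "device failed posture check"
    if req.role in HUMAN_ROLES and not req.mfa:
        return False, "identity not verified with MFA"
    return True, "explicit rule matched; identity and device verified"


def compare(requests):
    """Return [(principal, resource, perimeter_allows, zero_trust_allows), ...]."""
    return [(r.principal, r.resource, perimeter_decision(r), zero_trust_decision(r)[0])
            for r in requests]


# Constructed requests modelled on the access points discussed above.
SAMPLE_REQUESTS = [
    Request("nurse-a", "clinician", "emr", "read", "10.1.2.3", mfa=True, device_compliant=True),
    Request("nurse-b", "clinician", "emr", "write", "203.0.113.7", mfa=True, device_compliant=True),  # working remotely
    Request("nurse-c", "clinician", "emr", "read", "10.1.2.9", mfa=False, device_compliant=True),
    Request("hvac-contractor", "vendor", "emr", "read", "10.5.0.9", mfa=True, device_compliant=True),
    Request("lobby-cam-07", "camera", "emr", "read", "10.9.0.20", device_compliant=True),
    Request("lobby-cam-07", "camera", "video-server", "write", "10.9.0.20", device_compliant=True),
]

if __name__ == "__main__":
    for who, res, perim, zt in compare(SAMPLE_REQUESTS):
        print(f"{who:16} -> {res:13} perimeter={'allow' if perim else 'deny':5} "
              f"zero-trust={'allow' if zt else 'deny'}")
```

The two decisions diverge exactly where the paragraph says the risk lies: the contractor account and the camera are inside the network, so the perimeter rule lets them reach the EMR, while the Zero Trust rule denies both because no rule grants that role that resource; conversely the remote nurse is refused by the perimeter rule but allowed once identity and device are verified.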

With the increased use of Electronic Medical Records (EMR) comes an increased need for security to protect patient information and privacy. [16] When a hospital in the United States experiences a data breach, the facility is required to notify the people affected under the Breach Notification Rule of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The rule requires facilities that provide patient care under HIPAA to report data breaches. The Health Insurance Portability and Accountability Act protects patients' right to privacy regarding their Protected Health Information (PHI). [18] Accessing PHI can be very lucrative for cybercriminals because it can contain home addresses, social security numbers, banking information, and other personally identifiable information. [15]


References

  1. Linden, Edward. Focus on Terrorism. New York: Nova Science Publishers, Inc., 2007.
  2. Loukas, George (June 2015). Cyber-Physical Attacks: A Growing Invisible Threat. Oxford, UK: Butterworth-Heinemann (Elsevier). p. 65. ISBN 9780128012901.
  3. Lyons, Marty. United States. Homeland Security. Threat Assessment of Cyber Warfare. Washington, D.C., 2005.
  4. Trakimavicius, Lukas. "Protect or Perish: Europe's Subsea Lifelines". Center for European Policy Analysis. Retrieved 2023-07-26.
  5. Trakimavicius, Lukas. "Predators Will Circle Baltic Power Farms". Center for European Policy Analysis. Retrieved 2023-07-26.
  6. Lin, Tom C. W. (14 April 2016). "Financial Weapons of War". ssrn.com.
  7. Krebs, Brian. "Security Fix - Avoid Windows Malware: Bank on a Live CD". Voices.washingtonpost.com. Archived from the original on January 6, 2010. Retrieved 2011-06-23.
  8. "Indian Companies at Center of Global Cyber Heist". onlinenewsoman.com. Archived from the original on 31 December 2016. Retrieved 6 December 2017.
  9. Evan Perez (18 May 2015). "FBI: Hacker claimed to have taken over flight's engine controls". CNN.
  10. Lyngaas, Sean (2024-03-19). "Cyberattacks are hitting water systems throughout US, Biden officials warn governors". CNN. Retrieved 2024-04-23.
  11. Lawson, Alex; Isaac, Anna (2023-12-31). "Cyber-hackers target UK nuclear waste company RWM". The Guardian. ISSN 0261-3077. Retrieved 2024-04-23.
  12. Isaac, Anna; Lawson, Alex (2023-12-04). "Sellafield nuclear site hacked by groups linked to Russia and China". The Guardian. ISSN 0261-3077. Retrieved 2024-04-23.
  13. PricewaterhouseCoopers. "Critical infrastructure and the e-waste data security threat". PwC. Retrieved 2024-04-23.
  14. "Cyber Daily: Human-Rights Groups Want Law Enforcement to Do More to Stop Hospital Cyberattacks". Wall Street Journal. June 2020. Retrieved 1 June 2020.
  15. Vukotich, George (2023). "Healthcare and cybersecurity: Taking a Zero Trust approach". Health Services Insights. 16. doi:10.1177/11786329231187826. PMC 10359660. PMID 37485022.
  16. Yaraghi, Niam (2018). "The Role of HIPAA Omnibus Rules in Reducing the Frequency of Medical Data Breaches: Insights From an Empirical Study". The Milbank Quarterly. 96 (1): 144–166. doi:10.1111/1468-0009.12314. PMC 5835681. PMID 29504206.
  17. Wiggen, Johannes (2020). "The Impact of COVID-19 on Cyber Crime and State-Sponsored Cyber Activities". Konrad Adenauer Stiftung via JSTOR.
  18. Dolezal, Diane (2023). "Effects of internal and external factors on hospital data breaches: Quantitative study". Journal of Medical Internet Research. 25: e51471. doi:10.2196/51471. PMC 10767628. PMID 38127426. ProQuest 2917629718.