How To Protect Critical Infrastructures Before an Attack Happens
Strategies to prepare and protect against critical infrastructure attacks.
Two years ago, the Colonial Pipeline attack reminded us just how vital it is to protect critical infrastructure from cyberattacks. In this article, Barracuda’s CTO, Fleming Shi, covers what drives attackers to target critical infrastructure and how organizations can protect themselves.
In today’s uncertain geopolitical environment, people and organizations are highly concerned with potential cyberattacks, and rightfully so. The most concerning are possible attacks on critical infrastructure and industrial assets.
Two years ago this month, a ransomware attack brought a major gas pipeline – the Colonial Pipeline – to a standstill. The unfathomable actually happened, and one of the largest and most vital oil pipelines in the U.S. was shut down for several days.
The Colonial Pipeline attack was the largest publicly disclosed attack against U.S. critical infrastructure in history, affecting the delivery of nearly half of the fuel for the East Coast – refined oil for gasoline, jet fuel and home heating oil. It started with a ‘simple’ credential theft.
Phishing attacks lead to credential theft; credential theft leads to potential critical infrastructure attacks.
That’s how it happened in the case of the Colonial Pipeline attack. Threat actors used stolen passwords found on the dark web to access the pipeline’s virtual private network (VPN). Unfortunately, the VPN did not have multi-factor authentication (MFA) turned on, and the credential worked immediately. Attackers logged in and didn’t even have to hack anything—and the rest is history.
Overall Impact Drives Cyber Threat Actors to Target Critical Infrastructure
Attacks on critical infrastructure have quadrupled in the last few years; that needs to change.
According to The State of Industrial Security in 2022 report, MFA needs to be much improved for many of the critical infrastructure sectors; energy, power generation and utilities are the most likely sectors to allow full network access without the requirement of MFA. Additionally, the 2023 Ransomware Insights Report found that energy, oil/gas, and utility organizations reported an above-average success rate (85%) of ransomware attacks due to the impact these organizations have on society and the potential size of the payout for attackers. Not only were they subject to an above-average success rate of ransomware attacks, but the report found that these critical infrastructure organizations were also the most likely to be affected by multiple attacks.
In 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed ransomware attacks against 14 of the 16 U.S. critical infrastructure sectors, with public water utilities becoming notable targets. In response, the U.S. Environmental Protection Agency (EPA) recently announced new cybersecurity requirements for public water facilities, following ransomware attacks on the computer networks of water and wastewater facilities from California to Maine.
Needless to say, cyberattacks against critical infrastructure aren’t expected to decline anytime soon.
Strategies to Prevent and Thwart Critical Infrastructure Attacks
Just one successful supply-chain attack on critical infrastructure can have wide-reaching, catastrophic impacts. The goal of these cyberattacks is less about pure financial gain and more about disruption, damage and creating chaos beyond the immediate victims. These attacks show a growing vulnerability to potential nation-state-sponsored attacks as well.
But there is a silver lining. While attacks have increased, fewer victims are paying a ransom – organizations are staying firm thanks to better defenses.
In order to successfully protect our critical infrastructure and industrial networks, it’s important that organizations have structured security measures in place. These proactive measures include:
- Employee training and user awareness: Mandatory security awareness training for all employees should be part of your company’s yearly training repertoire. Training should be part of an organization’s overall security strategy.
- Comprehensive email security: Email is the most common attack vector – 91% of cyberattacks start with an email – therefore, email security should be prioritized. Email security protection should protect against all 13 email threat types – from spam and ransomware to spear phishing, business email compromise and account takeover.
- Standardized remote access solutions: Instead of different remote access solutions from different vendors, organizations should seek out a standardized solution that is not only easy to use but also extensively secured.
- Multi-factor authentication: Despite the prevalence of ransomware attacks on not only critical infrastructure but businesses in general, MFA is not commonplace – and it should be. In the energy sector, for example, 47% of organizations don’t require MFA for employees who have full access to their networks and systems. MFA could help thwart disastrous attacks with far-reaching consequences.
- Robust network segmentation and micro-segmentation: Network segmentation will help limit the spread of ransomware if a threat actor infiltrates an organization’s systems. Micro-segmentation then takes organizations to zero-trust-based access, reducing the overall attack surface.
- Removal of unauthorized tools: It’s important to investigate the software running on network devices. If it’s unused or unauthorized, it should be removed immediately. Pay special attention to remote monitoring and remote access tools – if an organization isn’t using them, they, too, should be disabled.
- Protection of web applications and application programming interfaces (APIs): These applications are outward facing and are exposed to distributed denial-of-service (DDoS) attacks and to intrusion through vulnerabilities in the web applications and APIs themselves. It’s important to pay particular attention to how these apps are accessed – by bots vs. by humans.
- Reliable backups: Not only should backups be regularly tested, but it’s also important to think about access control of backups. Threat actors know to look for backup assets, so it’s vital to protect these assets and know who has access to them.
Understandably, critical infrastructure will always be a target because there will always be a high risk associated with it. As ransomware becomes more sophisticated and global tension continues, preventative measures can be taken to minimize disruption, damage and chaos. Deploying cybersecurity best practices before an attack can stop severe attacks on critical infrastructure dead in their tracks.