
Critical Infrastructure Takes Center Stage

A joint advisory published this year by intelligence agencies from the U.S., Canada, UK, Australia and New Zealand, also known as the ‘Five Eyes’, underscores a critical concern about the potential for nation-state-sponsored attacks. The advisory specifically highlighted the threats targeting critical service providers, with the goal of strengthening the defenses of likely victims. As CISA Director Jen Easterly put it: “As the nation’s cyberdefence agency, CISA has been actively working with critical infrastructure entities to rapidly share information and mitigation guidance that will help them protect their systems. We will continue working closely with our federal and industry partners to monitor the threat environment 24/7, and we stand ready to help organizations respond to and recover from cyberattacks.”

The government agencies that set guidelines for organizations, and for critical service providers specifically, should focus on a set of preventative measures against the cyberattacks that Russian-backed operatives can mount. These measures can include widely accepted practices that amount to a baseline of safe, responsible security habits. For example, patching known exploited vulnerabilities according to their threat level, requiring multifactor authentication (MFA), keeping a close eye on Remote Desktop Protocol (RDP) exposure and providing users with security training are all key to keeping criminals out.

Have We Learned Our Lesson?

Unfortunately, each new attack looks much like the last. The first case in which the tangible impacts became clear was the Colonial Pipeline hack last year. The pipeline is a crucial source of the United States’ fuel supply, and the cyberattack crippled the company’s operational assets and forced it to halt the flow of over two million barrels of oil across 5,500 miles of piping. The amount disrupted was about half of the oil consumed by the entire east coast, and the attack forced federal executives to pass critical emergency legislation to ensure that fuel could still reach consumers by mobile delivery.

Every service provider that may be a valuable target for attackers needs to take into account how its IT infrastructure may leave it vulnerable. Modern networks are more diverse and decentralized, exposing companies to greater risk along their supply chain. The smallest misconfiguration made while deploying a network asset can now be the entry point to the greater system, giving attackers the opportunity to cause serious damage.

The Colonial Pipeline attack also showed how a successful ransomware attempt puts a company’s contingency plans to the test. After operational systems were taken offline, Colonial Pipeline executives hired top-name security consultants to initiate an emergency response plan and recover systems without causing further damage. This incident should serve as an example for other critical service providers to adopt thorough vulnerability management practices and avoid a costly recovery.

Although the Colonial Pipeline incident is the most notable case of a critical service provider being the target of a successful ransomware attack, it is not the only one. A report from the FBI identified over 650 comparable attacks on critical infrastructure targets within the U.S. last year alone. As political tensions tighten around the globe, the U.S. government has issued several advisories warning organizations of the increased likelihood of attacks on critical infrastructure.

Taking the Initiative on Critical Defense

So what can we do in light of this new reality? Companies now face threats from all angles, and new vulnerabilities call for urgent action. Recent successful breaches have been facilitated by fraudulent documents posing as legitimate ones: about one in 100,000 shared files harbored potentially nefarious code.

Although a majority of companies understand the critical importance of monitoring and scanning every document that enters their system, many still rely solely on solutions offered by antivirus companies. These solutions are important to have as part of any defense strategy, but over-reliance on these can create security blind spots.

About 70% of the malware caught in documents is a new strain never seen before, making it difficult to identify with systems that scan only for known types. The problem is that companies have to depend on their providers to update signature databases, which takes time and leaves them waiting and vulnerable. Consequently, ransomware and malware can spread unnoticed for weeks before they are detected.

Rather than wait, critical service providers should take the initiative on document security and explore new technologies such as content disarm and reconstruction (CDR). Instead of scanning a document and passing it along once it is deemed safe, CDR scrubs the file of any content that cannot be trusted and completely reconstructs it from scratch to meet strict security standards.
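To make the “scrub and rebuild” idea concrete, here is an added example (not code from the article or from any CDR vendor) that rebuilds a Word package from an allow-list of parts, dropping the VBA project along with the relationships and content-type entries that reference it. The sample macro-enabled document is constructed in memory; a production CDR engine would also re-parse each XML part rather than editing it with regular expressions.

```python
import io
import re
import zipfile
# Illustrative allow-list of OOXML parts with no active content; anything else
# (vbaProject.bin, OLE objects, ActiveX controls) is simply never copied.
ALLOWED_PART = re.compile(
    r"^(\[Content_Types\]\.xml|_rels/\.rels|docProps/[^/]+\.xml|"
    r"word/(document|styles|settings|fontTable)\.xml|"
    r"word/_rels/document\.xml\.rels|word/media/[^/]+\.(png|jpe?g))$")
DROPPED_REL = re.compile(rb"<Relationship\b[^>]*(vbaProject|oleObject|control)[^>]*/>")
DROPPED_CT = re.compile(rb"<(Override|Default)\b[^>]*(vbaProject|oleObject|control)[^>]*/>")
MACRO_CT = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def reconstruct(original: bytes) -> bytes:
    """Copy only allow-listed parts, drop active-content rels/content types, downgrade .docm to .docx type."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if not ALLOWED_PART.match(name):
                continue
            data = src.read(name)
            if name.endswith(".rels"):
                data = DROPPED_REL.sub(b"", data)
            elif name == "[Content_Types].xml":
                data = DROPPED_CT.sub(b"", data).replace(MACRO_CT, PLAIN_CT)
            dst.writestr(name, data)  # fresh entry; original zip metadata discarded
    return out.getvalue()

def build_sample_docm() -> bytes:
    """Constructed minimal macro-enabled document, not a file from the article."""
    parts = {
        "[Content_Types].xml": b'<Types><Default Extension="xml" ContentType="application/xml"/>'
            b'<Override PartName="/word/document.xml" ContentType="' + MACRO_CT + b'"/>'
            b'<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "_rels/.rels": b'<Relationships><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>',
        "word/document.xml": b"<w:document><w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p></w:body></w:document>",
        "word/_rels/document.xml.rels": b'<Relationships><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 constructed placeholder VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()

def parts_of(package: bytes) -> dict:
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {n: zf.read(n) for n in zf.namelist()}
```

The rebuilt package should be saved with a .docx extension, since the macro-enabled content type has been removed.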

For critical infrastructure and service providers, covering all potential openings susceptible to attack has become necessary for defending the services we rely on and the greater defense of the country. The Five Eyes stress that “critical infrastructure network defenders prepare for and mitigate potential cyberthreats – including destructive malware, ransomware, DDoS attacks, and cyber espionage.” In today’s security landscape, companies and organizations need to take greater initiative in securing their defenses.

