In this article, we are going to address the vulnerability levels, the dilemmas between safety and security, and preventive steps for infrastructure networks. To upgrade your cybersecurity skills, enrolling in a course such as Cybersecurity Training in Hyderabad would help you build the required knowledge.
The largest-ever collection of hacked usernames and passwords was posted online on February 2nd. Known as COMB, it included 3.2 billion unique email/password pairs, among them credentials for the Oldsmar water plant in Florida.
Three days later, an unknown attacker gained access to Oldsmar’s computer systems and attempted to raise the pH of the city’s water to dangerous levels by increasing the sodium hydroxide (lye) dose 100-fold. Even though the attempt was caught and lye levels were returned to normal, the incident demonstrated how readily cybercriminals are now able to target critical national infrastructure (CNI).
The attacker is assumed to have gained access to Oldsmar’s systems via the plant’s TeamViewer software, which in this scenario permits supervisors to access the system remotely. “Our analysts discovered several high-risk vulnerabilities and exposures publicly connected to TeamViewer as recently as August 2020,” says Evan Kohlmann, Chief Innovation Officer at threat intelligence platform Flashpoint. “This provides an example of a malicious website launching TeamViewer with arbitrary parameters to capture the victim’s password hash for offline password cracking.”
However, this isn’t a TeamViewer-specific issue. The DHS stated in 2013 that an Iranian hacker organization called ‘SOBH Cyber Jihad’ accessed the computer systems operating the Bowman Avenue Dam in New York at least six times, reaching critical files containing usernames and passwords. Likewise, in 2015 and 2016, Ukraine was hit by a series of power grid attacks blamed on a Russia-backed advanced persistent threat group known as Sandworm, which left 225,000 Ukrainians without power for many hours at a time.
Vulnerable to Extreme Levels
An analysis by CyberNews in July 2020 revealed how simple it would be for an attacker to gain access to vital US infrastructure through insecure industrial control systems. This could be accomplished simply by using search engines and programs that specialize in scanning for open ports and taking control remotely.
Compared with attacks on commercial organizations, attacks on CNI assets usually require far more specialized tools and knowledge. The majority of threat actors are motivated solely by financial gain, whereas disrupting CNI offers little financial benefit.
There are, however, indications that this is starting to change. “Sadly, I am seeing an increase in CNI attacks not only in the United States but also in the United Kingdom and the rest of Europe,” says Scott Nicholson, data privacy and cybersecurity director at Bridewell Consulting, as well as a consultant for the NCSC of the United Kingdom.
Cyberattack on the Colonial Pipeline in the United States – May 2021
A cyberattack in May knocked out a key US fuel pipeline that transports 45% of the East Coast’s jet fuel, petrol, and diesel. The perpetrators of the attack were able to take nearly 100 terabytes of data and threaten to release it on the internet.
The attack on Colonial Pipeline exemplifies the growing threat that ransomware poses to critical national industrial infrastructure. According to the Information Commissioner’s Office in the United Kingdom, human error is involved in more than 90% of attacks. According to Ava Security, protecting critical national infrastructure from social engineering attacks is therefore essential.
We are more vulnerable to cyber threats than ever before as a result of the rise of remote working. Hackers are adept at social engineering, and they’ll use any information they can get their hands on to reach the various entry points or routes into a network. User education and cyber awareness are therefore a preventative part of any ransomware defense.
Safety Vs Security Dilemma
The perception of a cyber attack and the real threat to CNI are vastly different. In the last 12 months, 86% of organizations have noticed cyber intrusions on their OT/ICS infrastructures. The most successful attacks have occurred in the water and transportation sectors.
Vulnerability scanning and remediation on OT devices happen just ‘once or twice a year,’ leaving a backdoor available to malicious attackers. The most recent attacks reveal a change in cybercriminals’ motivations.
Scott Nicholson of Bridewell agrees: “In the context of industrial controls, consistency and service availability are critical; however, software upgrades are considered risky. Patching and keeping systems up to date can be difficult for OT organizations,” he adds.
The convergence of key operational technology, IT networks, and the internet for remote management is becoming increasingly important. With the IoT, the advantages of connectivity have become more apparent. However, this inherently expands the attack surface and introduces a wider spectrum of threats.
“As a result of COVID-19, which mandated security teams to make production control networks available remotely to keep systems operating, several critical infrastructure sites were forced to make an abrupt change to staff working from home,” explains Nozomi Networks co-founder Andrea Carcano. “Unfortunately, for attackers, remote access is generally the quickest way inside a network.”
Adds Scott Nicholson: “Their networks must be kept as separate from the internet as feasible.” The Purdue model, which was first established in the 1990s and is a hierarchical structure for industrial communications, can be used to do this.
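The Purdue model separates industrial communications into levels, with an industrial DMZ between the site's OT levels and enterprise IT, so that nothing in the plant talks to the internet directly. As an added illustration (not code from the article or from any of the people quoted), the following Python audits a list of observed network flows against that conduit idea: a flow may only cross between the same or adjacent levels, and any OT-to-IT flow must terminate in the DMZ. The level numbering follows the commonly drawn version of the model; the host-to-zone assignments and the flows themselves are constructed.

```python
"""Added example: a Purdue-style conduit check over constructed flows."""

# Purdue levels as commonly drawn; 3.5 is the industrial DMZ that separates
# the site's OT levels (0-3) from enterprise IT (4) and the internet (5).
LEVELS = {
    "process": 0, "basic_control": 1, "supervisory": 2,
    "site_ops": 3, "dmz": 3.5, "enterprise": 4, "internet": 5,
}

# Constructed host-to-zone assignments for a small site.
HOST_ZONE = {
    "plc-1": "basic_control", "hmi-1": "supervisory", "historian": "site_ops",
    "jump-host": "dmz", "erp-server": "enterprise", "vendor-laptop": "internet",
}


def conduit_allowed(src_zone, dst_zone):
    """A flow is allowed only between the same or adjacent levels, and a flow
    between OT (levels 0-3) and IT/internet (4-5) must stop in the DMZ."""
    a, b = LEVELS[src_zone], LEVELS[dst_zone]
    lo, hi = min(a, b), max(a, b)
    if hi - lo > 1:          # skips at least one level
        return False
    if lo <= 3 and hi >= 4:  # crosses the OT/IT boundary without the DMZ
        return False
    return True


def audit_flows(flows, host_zone=HOST_ZONE):
    """Return the flows that violate the conduit policy, each with a reason."""
    violations = []
    for src, dst, proto in flows:
        sz, dz = host_zone[src], host_zone[dst]
        if not conduit_allowed(sz, dz):
            reason = f"{sz} (L{LEVELS[sz]}) -> {dz} (L{LEVELS[dz]})"
            violations.append((src, dst, proto, reason))
    return violations


# Constructed flows; the last two are the kind of path the article warns about.
FLOWS = [
    ("hmi-1", "plc-1", "modbus"),          # L2 -> L1: allowed
    ("historian", "jump-host", "https"),   # L3 -> L3.5: allowed
    ("jump-host", "erp-server", "https"),  # L3.5 -> L4: allowed
    ("erp-server", "historian", "mssql"),  # L4 -> L3: skips the DMZ
    ("vendor-laptop", "hmi-1", "rdp"),     # L5 -> L2: internet straight into supervisory
]

if __name__ == "__main__":
    for v in audit_flows(FLOWS):
        print("VIOLATION:", v)
```

The check is deliberately strict about the DMZ: a level-4 server reaching a level-3 historian is a violation even though the levels are adjacent, because the model expects that exchange to be brokered by a DMZ host. Real sites refine this with explicit per-protocol conduits, but the level discipline is the part that keeps the plant off the internet.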
Physical security is impressive, yet it is insufficient
A developing problem is the use of remote desktop PCs to monitor critical infrastructure. According to one expert, power plant operators may be listening to music on the same computers they use to remotely monitor the plants.
The challenges aren’t going away on their own. With the rise of the Internet of Things and the demand for drones and autonomous cars, the threat of attack will only grow, as will the demand for remote working.
Attacks on healthcare organizations and the fight against COVID serve as “dramatic reminders that the systems we respond to are high-value targets that are susceptible and at constant danger of attack,” according to Andrea Carcano, CTO for Europe, the Middle East, and North Africa at Nozomi Networks.
Five Steps That Assist In Preventing Attacks On Critical National Infrastructure
- Secure remote access – In many cases, this is the simplest way for attackers to get access to a network. Managers must use endpoint protection, excellent password hygiene, and network firewalls to secure remote access.
- Create an asset inventory – It’s impossible to safeguard or segment the network for improved resilience if you can’t see all of the devices on it. By maintaining a real-time inventory of all network assets, security teams gain accurate visibility into their devices, connections, messages, and protocols.
- Recognize and fix vulnerabilities – Thousands of IoT and OT devices from a variety of manufacturers are found in industrial networks. However, most aren’t built to the level of protection demanded by vital infrastructure. Tools that use the NVD to identify system vulnerabilities can help determine which devices are at risk, prioritize them, and suggest firmware updates.
- Monitor anomalies – Automated network anomaly detection solutions use artificial intelligence to detect anomalies in the actual parameters that regulate the industrial process, rather than only in network traffic patterns.
- Integrate OT and IT networks – OT understands how to accomplish production goals and keep the plant running safely, while IT can handle cybersecurity and networking concerns. Combining the two can improve resilience while reducing the blind spots and security risks associated with increasingly connected industrial control systems.
In this article, we have looked at the extreme levels of vulnerability affecting different organizations. We analyzed the real scenario of the 2021 cyberattack on the Colonial Pipeline in the US to understand the dangers of such attacks, and explored intrusions into IoT and IT networks in terms of safety and security. Finally, we discussed the preventive steps: securing remote access, creating asset inventories, identifying and fixing vulnerabilities, monitoring anomalies, and integrating OT and IT networks. Implementing these steps successfully secures the network’s infrastructure against attacks.