
Protecting Critical Infrastructure in the Age of Ransomware

October 29, 2021


The recent increase in ransomware attacks has highlighted vulnerabilities in critical infrastructure and how easily its component systems can be disrupted. As the threat landscape shifts, important preemptive measures must be taken.

A New Generation of Critical Infrastructure

A decade ago, critical infrastructure was primarily limited to air traffic control and power generation and transmission, and security regulations were tightly focused on these areas. Today, however, there is a realization that critical infrastructure encompasses much more, from stormwater systems to household waste processing, telecommunications providers, hospitals, financial services, pipelines, and more.

Cyberattacks and ransomware pose a greater risk to critical infrastructure than non-digital external threats, and the size and extent of the infrastructure have little to do with the scope of the risk.

Ransomware typically gains entry through phishing or the exploitation of technical and human vulnerabilities, after which data held by the victim is encrypted. A sum of money, usually in virtual currency, is then demanded in exchange for decryption. As cyber threats become increasingly sophisticated, the threat posed by ransomware can be expected to grow, and the measures taken to protect critical infrastructure need to evolve with it.

Crime-as-a-Service (CaaS)—Advanced Phishing for Amateurs

The development of CaaS also plays an important role in the development of ransomware cyberattacks. In this practice, experienced hackers sell access to the tools and knowledge required to conduct phishing attacks.

Thus, CaaS provides an amateur with whatever is needed to carry out an attack, ranging from email templates to detailed lists of targets. Hackers can also purchase already compromised servers, thereby minimizing the risk of being caught. In addition, the trend is toward simplifying how a cyberattack is carried out. With these new tools, malicious attacks and ransomware events are becoming increasingly dangerous and destructive.

Threat Vulnerabilities and Prevention in Critical Infrastructure

Ideally, in this situation, there should be a specialist or a team of specialists who can check how cybersecurity policies are implemented, propose improvements, determine the resilience of the critical infrastructure, and, where necessary, enforce a minimum set of policies.

Such policies could include isolating critical systems from the internet and replacing single-factor, password-based authentication with multi-factor authentication, for example through digital certificates issued by a public key infrastructure (PKI) built on modern cryptography that covers the key information security objectives.

Unfortunately, implementing such regulatory standards takes time. Even so, it is worth noting that safety measures in critical infrastructure have improved and been given increasing priority over the last 50 years, following numerous high-profile incidents such as the Bhopal chemical disaster, the Texas City refinery explosion, and the Deepwater Horizon oil spill.

Key Steps in Protecting Critical Infrastructure

Entities that own such infrastructures need to take steps to mitigate these serious risks. Key steps to take could include:

Identifying critical systems

This entails identifying the systems whose operation must be maintained and determining how resilient they are in the event of a cyberattack.

Assessing and identifying those that pose a disproportionate risk

Some critical infrastructure operators depend on highly specialized IT systems that still run old, outdated operating systems. Such systems are more vulnerable to cyberattacks and need to be upgraded or replaced.

Assume an attack will happen

Develop a plan that answers how critical systems will be recovered in the event of a cyberattack, which components can be further protected, and how that protection can be achieved.

Be open to external guidance

Securing critical infrastructure requires regulatory oversight, and it takes time to develop and implement effective security protocols. In the meantime, businesses can look to similar industries that have already been targeted by cyberattacks. Their resilience and proactive mitigation measures can serve as a best-practice model, and comparable security protocols can then be implemented.

Segmenting the network and hiding it

Segmenting the network, placing critical data and systems behind a firewall, and limiting access to only those who need the data is a must for most businesses.

Encrypting files and implementing multi-factor authentication

Encrypting files, emails, and databases (e.g., using PKI certificates) is also recommended. If sensitive data is exfiltrated, attackers will not be able to read it without the decryption keys. Digital certificate-based authentication within sensitive systems, or multi-factor authentication, provides strong assurance that the people logging in are who they claim to be.

Threat actors have been compromising critical infrastructure such as industrial control systems (ICS) and other operational technology (OT) assets with increasing frequency. According to threat researchers at Mandiant, compromises of exposed OT assets have risen over the past 18 months, with attackers using readily available tools and common techniques to gain access to these systems. The best defense is to implement security best practices and to gain situational awareness of the threat exposure of assets and data.