When you think of a cyberattack, you may picture damage done to web servers, databases, and other servers. In these kinds of threat vectors, the main goal is to steal the proverbial “crown jewels” of a company, which include the Personally Identifiable Information (PII) datasets of both employees and customers. Ultimately, these are sold on the Dark Web, where a rather nice profit can be gained.
But cyberattacks can reach other realms as well. These include attacks on critical infrastructure that attempt to disable it for long periods of time, in an effort to cause as much havoc as possible. In this regard, critical infrastructure includes such avenues as the water supply, oil and gas lines, nuclear facilities, the national electric grid, and even the food distribution channels.
Believe it or not, these targets are easy for the attacker, because these systems are rather old by nature and rely on legacy security controls which have not been upgraded in a very long time. In this blog series, we will focus more on these types of attacks.
- Attacks on the Power Grid in Ukraine: This attack occurred in December 2015. The electric grid still made use of the traditional Supervisory Control and Data Acquisition (SCADA) system, which had not been upgraded in some time. This cyberattack impacted about 230,000 residents in that area, who were without power for a few hours. Although this threat variant was short lived, it illustrates the weaknesses of the critical infrastructure. For example, the traditional spear phishing email was used to launch the threat vector, and just a year later, the same type of email was used to attack an electrical substation near Kiev, causing major blackouts for a long period of time.
- New York Water Supply Lines Attack: The Rye Brook Water Dam was the target of this attack. Although the actual infrastructure was small in comparison, the lasting repercussions were significant, as this was one of the first instances in which a nation state actor was blamed (Iran). Furthermore, the malicious threat actors were able to gain access to the command center of these facilities by using an ordinary dial-up modem.
- Impacts to the ACH System: Although the global financial system may not fit into the classical definition of critical infrastructure, the impacts felt by any cyberattack can be just as great. In this threat variant, the SWIFT global messaging system was the primary target. This is used by banks and other money institutions to provide details about the electronic movement of money, which includes ACH, wire transfers, etc. This is a heavily used system worldwide, as almost 34 million electronic transfers make use of this particular infrastructure (SOURCE: 1). The Lazarus cyberattack group, originating from North Korea, was able to gain a foothold into the banks by using hijacked SWIFT login username and password combinations. This attack has been deemed to be one of the first of its kind on the international banking sector.
- Damages to Nuclear Facilities: One of the well-known cyberattacks on this type of infrastructure impacted the Wolf Creek Nuclear Operating Corporation in Kansas. In this instance, spear phishing emails were leveraged against key personnel working at these facilities, who had specific control of and access to the controls at this nuclear facility. Although the extent of the damage has been kept classified, this situation demonstrates how vulnerable the U.S.-based nuclear facilities are. For example, if a cyberattacker were to gain access to one, they could move in a lateral fashion to other nuclear power plants, causing damage in a cascading style, with effects similar to or greater than those of a thermonuclear war.
- Attack on the Water Supply: The most well-known attack happened recently in Oldsmar, Florida. Although the details of this cyberattack are still coming to light, it is likely the hacker was able to gain control by using a remote access tool, such as TeamViewer. There were other grave weaknesses in the infrastructure as well, including an outdated operating system (OS) and poor password enforcement (such as not creating long and complex passwords and changing them frequently). In this instance, the attacker intended to cause damage to the water supply system while affecting the health of the residents that drank the water by poisoning it with a chemical-based lye. Luckily, an employee was able to quickly notice what was going on and immediately reversed the settings implemented by the attacker. However, it is still not known whether this hack originated outside US soil or from within. Regardless, domestic-based cyberattackers are as much of a threat to our critical infrastructure as the nation-state actors.
While this article has provided only a sample of the cyberattacks that have occurred, it illustrates a clear, yet alarming fact: phishing emails can cause catastrophic damage to critical infrastructure, with far deadlier impacts than that of 9/11. If you feel as though your business needs a strong security partner, please contact our security experts today.