The U.S. Department of Homeland Security (DHS) categorizes critical infrastructure as physical or virtual systems or assets so vital to the country that any disruption or destruction of such service would significantly impact the economy and society as a whole.
With most critical infrastructure in the West being privately owned (over 80% in the U.S.), there are varying levels of security measures. Knowing this, threat actors, especially ransomware gangs, have ramped up their efforts to disrupt these services, which can devastate the national economy.
Cyberattacks on critical infrastructure can hurt individuals, businesses, public services, and other entities crucial to daily life and operations.
Critical infrastructure sectors that could be targeted in cyberattacks include:
- Chemical sector
- Emergency services
- Government facilities and others.
In May 2021, Colonial Pipeline, which operates an oil pipeline that transfers oil to the Midwestern United States, was hit by a ransomware attack. The attack caused a major disruption in services and a rapid surge in gas prices. Colonial Pipeline had to pay approximately $4 million worth of Bitcoin to restore their systems, although the Department of Justice later recovered more than half.
U.S. security services started to report Russian government-backed cyberattacks in 2018, targeting government entities, facilities, and other critical infrastructure.
With the experience gained from previous attacks, cybersecurity agencies can understand the attackers' main TTPs (Tactics, Techniques, and Procedures). Below are some of the ways threat actors were able to penetrate security systems:
- Phishing emails
- Network targeting
- Credential gathering
- Watering-hole domains and more as new attacks emerge.
Hackers mainly target digital devices with software or hardware vulnerabilities. In the case of Colonial Pipeline, hackers gained access through a compromised password.
U.S. Senate Passes Cybersecurity Bill
On March 1st, the U.S. Senate passed the “Strengthening American Cybersecurity Act,” which imposes new regulations for critical infrastructure owners when dealing with cyber threats or attacks.
The new legislation requires cybercrime victims to report attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours. If ransomware is involved (as it often is), they will have to report it within 24 hours.
The Senate hopes that the new legislation will give a clear picture of cyberattacks occurring across the U.S. and enable an appropriate government response.
For the next 6 months, any Ukraine-based company can get entirely free access to SecurityScorecard’s enterprise license to protect themselves and improve malware resilience in light of ongoing cyber-attacks. We are also providing them with free access to the SecurityScorecard forensics remediation team to deal with ransomware issues or to recover from any outage. Simply email Ukraine@securityscorecard.io.
Our Threat Research & Intelligence team has been analyzing the scope, impact, and attribution of cyber-attacks involving both Russia and Ukraine. We are partnering with U.S. authorities to further aid their efforts.