As the internet grows and technology improves, industries have become increasingly reliant on them. Unfortunately, this has inadvertently led to increased threats of cyberattacks. Every day we see a rise in cyberattacks, and they are getting more serious. In nearly every industry, the threat of cyberattacks has become a pressing concern.
Cyber threats are everywhere, and no industrial organization is safe. Especially vulnerable to cyberattacks are industrial control systems that manage critical infrastructure such as power grids and water treatment plants. The world has witnessed several high-profile attacks on industrial targets in recent years. These attacks exemplify how cybercriminals can cripple operations and destroy businesses and a nation’s economy. This highlights the need for companies to increase their cybersecurity measures. We review the nature of industrial cyberattacks, their potential consequences, and some measures to mitigate the risks.
What Is a Cyberattack?
A cyberattack is a malicious attempt to breach and compromise information systems, networks, devices, or data. Cyberattackers typically seek to gain unauthorized access to sensitive information, steal valuable data, disrupt operations, or extort money.
Cyberattacks can take several forms, including phishing, malware, ransomware, denial of service (DoS) attacks, social engineering, and more. Targets are usually individuals, organizations, governments, or critical infrastructure.
The United States government has enacted some policies to prevent and minimize industrial cyberattacks. Recent cyber updates and policies:
- On January 19, 2022, U.S. President Joe Biden signed an Executive Order to improve cybersecurity. In it, he said that "The private sector must adapt to the continuously changing threat environment."
- On July 21, 2022, the Transportation Security Administration (TSA) announced a new policy. This policy requires pipeline operators to report cyberattacks to the federal government within 12 hours of occurrence.
- On June 12, 2021, the U.S. White House released a memo for business leaders and corporate executives. The memo urged them to take immediate, effective steps to prevent ransomware risks.
- On June 3, 2021, the U.S. Department of Justice announced that it will give ransomware attacks the same priority as terrorism.
Recent News about Industrial Cyberattacks
Industries across the United States are constantly fielding cyberattacks from different malicious entities. Some of these hackers (aka actors) have been successful. Incidents of industrial cyberattacks have frequently been in the news in the past few years. Here are some of them.
On December 22, 2022, LastPass revealed that cyberattackers had breached their information and obtained extensive data from user accounts. Data stolen included billing and email addresses, end-user names, telephone numbers, and IP address info. Also leaked was vault data, including unencrypted data (website URLs) and encrypted data (usernames, passwords, secure notes, and form-filled data).
The online password management service thought the worst was over. Little did they know that the previous hack opened their system up to a more serious data breach. On January 23, 2023, GoTo, LastPass’s parent company, revealed some troubling developments in a press statement. Apparently, LastPass’s initial hack had also compromised a number of its other products. Affected products included:
- Join.me – online meetings service
- Remotely Anywhere – remote access business tool
- Hamachi – hosted VPN service
- Central – business communications tool
This breach is a privacy disaster for LastPass and all its users.
Colonial Pipeline is one of the United States' largest fuel pipelines, servicing 45% of the U.S.’s East Coast supply. In May 2021, DarkSide, a cybercriminal group, halted its operations with a ransomware attack. Colonial Pipeline was forced to shut down operation of its 5,500 miles of pipeline.
Colonial Pipeline eventually paid a ransom of $4.4 million to DarkSide to regain control of its systems. Once they received payment, the cyberattackers gave Colonial Pipeline access to its disabled computer network.
Water Treatment Plants
There have been multiple attempts and attacks on water and wastewater system facilities in our country. Cyberattackers raised the amount of sodium hydroxide (lye) at a local water plant in Oldsmar, Florida using remote access software. Thankfully, the attack was caught and aborted before the water levels could change, saving the community from lethal exposure.
The world's largest beef supplier, JBS USA Holdings, Inc. (JBS), has also suffered a ransomware attack. This cyberattack threatened the U.S. meat supply. The attacker, known only as REvil or Sodinokibi, took over the system, consequently shutting down some operations in Australia, Canada, and the United States.
After the attack, JBS USA maintained control over a majority of its operations. But they still had to pay an $11 million ransom in bitcoin to retrieve the rest of the system.
Popular Industrial Hacker Motives
Today, industrial cyberattacks are a growing concern. Cybercriminals are constantly attempting to gain unauthorized access to sensitive information. The motives behind these hacks are varied, but understanding them is essential for organizations to protect data and assets from potential threats.
Primary motives include corporate espionage, political agendas, personal gain, and terrorism.
Corporate espionage is a common motive for industrial hackers. Cybercriminals target an organization’s information system to steal confidential information, trade secrets, and other sensitive data which can then be sold to competitors, used to gain a competitive advantage, or held for ransom.
Political hacking involves targeting government institutions or political organizations to access confidential information or disrupt operations. Political hackers typically aim to steal military secrets, influence election outcomes, or disrupt critical infrastructure. The consequences of political hacking can be severe and can lead to national security threats, diplomatic tensions, and economic damage.
Personal gain is another primary motive for industrial hackers. These attackers hack into systems to steal credit card information, bank account details, and other personal and financial information, which they then use for fraudulent activities.
Terrorist groups may also engage in industrial cyberattacks to achieve their political or social agendas. This can involve targeting critical infrastructure such as power grids, transportation systems, and communication networks. The result of cyberattacks by terrorists can be catastrophic and can result in massive disruptions and even loss of life.
What Successful Attempts Can Lead To
Cyberattacks are becoming increasingly sophisticated; successful attempts can have devastating consequences. Some of them are as follows:
The Fall of a Corporation
The fall of a corporation is a nightmare scenario. It can be triggered by several factors, including cyberattacks. For instance, cyberattacks can cripple a company's IT infrastructure, compromise sensitive data, or damage a company's reputation. In some cases, these attacks can lead to the theft of intellectual property, putting the company's competitive edge in jeopardy. Without proper cybersecurity measures in place, corporations are vulnerable to cyberattacks that can put their brand, service, or product at risk, and ultimately lead to their downfall.
Financial downfalls are a common consequence of cyberattacks; they can result in fines and the loss of revenue. A successful cyberattack can include theft of sensitive financial information, such as credit card details or account details. These can then be sold on the dark web for a high price. The reputational damage from industrial cyber attacks can lead to a sharp decline in customer confidence and lost revenue. In some cases, companies may have to pay hefty fines for negligence. Many companies never recover from a major hack.
Access to Millions of People's PII (Personally Identifiable Information)
Another significant consequence of a successful cyberattack is the theft of personally identifiable information, known as PII. Examples of PII include social security numbers, birth dates, and medical records. Cybercriminals use this personal information for a range of malicious activities, from identity theft to financial fraud and even extortion.
Supply Chain Interruptions/Breakdowns
Supply chain interruptions and breakdowns are common consequences of cyberattacks. What’s more, they can have far-reaching consequences. A cyberattack on a company's IT infrastructure can disrupt the flow of goods and services, leading to lost revenue and reputational damage. In most cases, industrial cyber attacks compromise the security of the supply chain, putting the integrity of the products at risk.
Downed Power Grids
Cyberattacks can have a devastating impact on critical infrastructure, such as power grids. A successful attack on a power grid can result in blackouts, leaving millions without power. This disrupts business operations, provides cover for criminal activities, and could spark social unrest.
Top 5 Security Precautions for All Organizations
When highlighting the motives for industrial cyberattackers, it’s important to know how companies can protect themselves.
1. Cyber Security Starts Right Away
Companies should ensure they think about cybersecurity from the beginning of their operations. Incorporating cyber protection at the concept phase ensures security-by-design and supply chain risk management will always be a part of your organization.
2. Take Cyber Security Seriously
Industrial cybersecurity is not a “nice-to-have” add-on; it is obligatory for any organization that takes itself seriously. Always have a plan, appropriate programming, skilled professional capabilities, and investment to mitigate cyber risk. Educating employees about best practices for cybersecurity is also key. This can involve training sessions, workshops, and informational resources to raise awareness about common cyber threats and the importance of practicing safe online behavior.
3. Knowing What to Protect
Prioritize what needs to be protected and protect that. Keeping a robust, organized inventory management system helps to determine where to start. The cybersecurity landscape is constantly evolving, with new vulnerabilities and attack angles emerging regularly. It is crucial to stay updated on the latest security news, subscribe to reliable industry publications, and participate in relevant training programs or workshops.
4. Managing Your Vulnerabilities
Once you know what needs to be protected, address your vulnerabilities and plug the holes in your defense system. Perform regular audits and assessments to uncover weaknesses that could be exploited by cybercriminals. Engage the expertise of cybersecurity professionals who can conduct comprehensive penetration testing, act as outside evaluators of security protocols, and provide customized recommendations for strengthening your defenses.
5. Set Up Visibility and Control Systems
Although everything may be in place, the work is not done. Next steps include setting up a comprehensive monitoring and response program. Establishing a comprehensive backup and recovery plan is vital. Regularly backing up important files and data to secure offsite or cloud storage ensures that even if a cyberattack occurs, you can recover and restore information without significant disruption. Equally crucial is testing backup systems periodically to confirm their effectiveness and reliability.