Have you ever considered what you would do if the electricity went out for days? Many of us have plans for lighting, such as candles or flashlights, and some have generators or solar power. But have you thought about what you would do if you had no access to water, plumbing, or healthcare? It's a scenario many of us don't often consider, but it's a real possibility if cyber attackers were to infiltrate the systems that control our water treatment plants, power grids, healthcare facilities, and other vital networks essential to our everyday lives.
Ways threat actors deliver payloads
Our increased reliance on technology in critical infrastructure has heightened the risk of cyber threats and expanded the attack surface. Attacks of this scale can come from various threat actors, but the most likely actor capable of such magnitude would be a Nation-State. Nation-state actors possess significantly more resources and funds than average hacker groups. These State-sponsored actors have the motivation to target specific countries for espionage or geopolitical leverage. The types of attacks on these Industrial Control Systems (ICS) can range from DDOS attacks to Ransomware attacks and everything in between. The delivery of these payloads may differ as well, but there are three main ways threat actors could deliver payloads to these networks:
Exploitation of Internet-Facing Systems
These systems are often misconfigured and accessible via tools like Shodan.io. There is no reason these systems should be connected to the internet, and they are often set up with weak passwords vulnerable to brute force attacks.
Insider Threats
Insider threats can be extremely difficult to prevent, as many employees of critical infrastructure are not required to undergo polygraphs or pass through security checkpoints. Implementing such measures could prevent the transportation of an implant into the facility that infects the network. Malicious payloads can be uploaded to a normal-looking USB drive and easily inserted, making these actors extremely dangerous.
Supply Chain Vulnerabilities
Little to no screening occurs for third-party manufacturers of critical infrastructure equipment. Whether it’s transformers, Programmable Logic Controllers (PLC), or any other type of technology, they can all be vulnerable to actors installing malware. This equipment would then be installed in these facilities, and malware such as a “logic bomb” might lay dormant until specific conditions are met to execute it, making it extremely difficult to determine when and where the attack came from.
Mitigating attacks
There are a few things Critical Infrastructure facilities can do to mitigate these types of attacks. The first is to update their systems, as most of these technologies are extremely old and have known CVEs. The second is to segment their network and keep their devices disconnected from the internet; this can prevent the discovery and traversal of these systems from a remote location. Next is to implement strict access control and physical security policies in these facilities to prevent insider threats from gaining privileged access and installing malware. The final way to mitigate these kinds of attacks is to audit and screen these third-party companies who are supplying technologies to Critical Infrastructure facilities; this can prevent supply chain attacks on these systems.
As our reliance on critical infrastructure continues to grow, so does the need to safeguard these vital networks from cyber threats. By implementing these practices, we can mitigate the impact of cyber risks and ensure the continued operation and safety of essential services for all.
