2024 CrowdStrike Outage Reveals Critical IT Vulnerabilities

The CrowdStrike outage in July 2024 exposed significant weaknesses in global IT supply chains, raising concerns about their resilience and dependence on major providers. The disruption caused widespread impact across critical sectors, including healthcare, transportation, banking, and media. Key services—such as parts of the NHS, international transport hubs, and TV networks—experienced significant downtime, highlighting vulnerabilities in centralized IT systems.

The outage was attributed to a faulty software update for Microsoft Windows users provided by cybersecurity firm CrowdStrike. Initial fears of a cyberattack were ruled out, but the incident shed light on the inherent risks of reliance on a few dominant providers in global IT supply chains. Experts warned that such dependencies create single points of failure, leaving essential infrastructure exposed to systemic disruptions.

One of the most affected sectors was healthcare, where operations in the NHS were forced to revert to manual methods like pen and paper. Dafydd Vaughan, chief technology officer at Public Digital, emphasized the dangers of monopolistic control in critical services. He highlighted that EMIS, a provider serving over 60% of GP surgeries in England and Wales, dominates the healthcare IT landscape. Vaughan advocated for increased competition within IT supply chains to mitigate risks and enhance resilience.

Far-Reaching Impacts

The repercussions of the outage extended beyond healthcare, disrupting transport systems, banking operations, and broadcasting networks. These interruptions prompted calls for enhanced safeguards and reinforced the need for robust IT infrastructure. Recognizing the severity of these vulnerabilities, the UK government elevated data centres to the status of critical national infrastructure (CNI). This designation ensures they receive additional protection and resources, similar to essential utilities like water and energy.

Government Response and Future Legislation

In response to the crisis, the Labour Government, which assumed power in July 2024, announced plans to introduce the Cyber Security and Resilience Bill in 2025. This proposed legislation aims to expand regulatory oversight, enforce stringent cybersecurity standards, and improve reporting protocols. These measures are designed to fortify national defenses against both outages and the escalating threat of cyberattacks, which increasingly target critical IT systems.

The CrowdStrike incident underscores the pressing need for diversified and resilient IT supply chains. While the government has taken steps to address existing vulnerabilities, a sustained focus on fostering competition and enhancing infrastructure is essential. By proactively preparing for evolving threats and ensuring robust safeguards, nations can protect critical services and minimize the impact of future disruptions.

Email Attacks Target 80% of Key Infrastructure Firms, Study Reveals

Strong email security is one of the top concerns of companies dealing with CNI. According to a recent OPSWAT report, 80% of CNI companies reported an email-related security breach in the past year. Malicious emails are being used to target essential services, and email-based attacks are increasingly a key strategy for gaining unauthorised access.

CNI organisations, such as utilities, transportation, telecommunications, and data centres, are prime targets for cybercriminals. The appeal lies in the widespread disruption a successful attack can cause. For example, a report from Malwarebytes highlighted that the services industry, which includes many CNI sectors, has been heavily impacted by ransomware, accounting for nearly a quarter of global attacks.

Email attacks prove to be particularly effective, according to a report by OPSWAT, which polled 250 IT and security leaders of CNI firms. For instance, CNI organisations experienced 5.7 phishing incidents, 5.6 account compromises, and 4.4 instances of data leakage per year for every 1,000 employees. Yet more than half of the respondents assumed that email messages and attachments were safe by default.

Why Cybercriminals Target Emails

Emails are a straightforward way for attackers to deliver phishing scams, malicious links, and harmful attachments. Once opened, these can give hackers access to critical systems. More than 80% of CNI organisations believe that email threats will increase or stay the same over the next year, with phishing, data theft, and zero-day malware attacks being the most likely.

As operational technology (OT) and IT systems become more connected, the risk grows. The report warns that fewer OT networks are isolated from the internet today. This interconnection means a single email attack could spread from IT to OT systems, causing further damage and enabling attackers to launch new attacks from within the network.

UK Steps up Data Center Security

Data centres have just been designated by the UK government as critical national infrastructure, putting them in a category that qualifies for further protection from growing cyber threats. This is the first new CNI designation since 2015. The measure aims to enhance the security of the facilities that keep services across the country running smoothly.

This change also means that data centres will receive more government support in the event of cyber incidents, including access to the National Cyber Security Centre and emergency services when necessary. However, the designation also comes with tighter regulations, including the need for physical security measures, audits, and updated contingency plans.

Despite the serious threat email attacks pose, most CNI companies struggle with compliance. As revealed in the OPSWAT report, 65% of leaders admit that their organisations do not meet regulatory standards. However, for EMEA companies, this number goes down to 28%. Poor compliance leaves these organisations more vulnerable to attack.

Recent data shows that cyber attacks on CNI organisations are on the rise. The NCC Group’s latest Threat Pulse found that in July alone, 34% of ransomware attacks targeted CNI, up from 32% in June. Experts suggest that cybercriminals may now feel less concerned about consequences from law enforcement. Initially, ransomware groups avoided high-profile targets like hospitals to avoid severe crackdowns. However, recent attacks on CNI suggest they are no longer holding back.

Legacy Technology: The Soft Underbelly

One of the biggest issues facing CNI companies is their reliance on outdated technology. The National Cyber Security Centre’s 2023 Annual Review noted that many critical infrastructure organisations still use legacy systems that are not regularly updated, making them easy targets for cyber attacks. These systems are often decades old and lack basic security features, making it easier for attackers to exploit them. A Microsoft report from May supported these findings, showing that security measures for OT systems are often inadequate, making attacks on water and other key infrastructure systems both attractive and easy for hackers. As cyber threats continue to rise, the need for CNI companies to update their technology and strengthen their security protocols becomes increasingly urgent. 

As email attacks continue to plague critical infrastructure organisations, it’s clear that a stronger approach to email security is needed. OPSWAT’s report stresses the importance of prevention, urging CNI companies to prioritise email security measures to protect their networks. With cybercriminals targeting these vital systems more than ever before, improving defences against email-borne threats is essential for ensuring the security and stability of national infrastructure.

CNI companies are facing a growing threat from email-based cyber attacks. As technology develops and attackers become more sophisticated, it’s crucial for organisations to update their security measures and comply with regulations to safeguard their operations. Email remains a key entry point for cybercriminals, and without the necessary precautions, the consequences could be severe.

Protecting the World's Energy Systems: Physical and Cybersecurity Need to Coexist


Critical national infrastructure (CNI) is under greater physical threat than ever. It is still unknown who was responsible for the attack that destroyed at least 50 metres of the Nord Stream 1 and 2 underground pipelines that once carried Russian gas to Germany. 

More recently, Russia has also changed the focus of its conflict in Ukraine to attack energy infrastructure with its own missiles and drones supplied by Iran, known as the Shahed-136. Volodymyr Zelensky, the president of Ukraine, stated in a tweet on October 18 that "30% of Ukraine's power stations have been destroyed, causing massive blackouts throughout the country," and in a meeting with Kadri Simson, the European Commissioner for Energy, on November 1, Zelensky stated that between "30% and 40% of [the country's] energy systems had been destroyed." 

Increasing threat to cybersecurity

The conflict in Ukraine and the escalating tensions between the East and West aren't the only significant threats to our CNI, though. A growing cybersecurity threat is also present. The Houston, Texas-based Colonial Pipeline, which transports gasoline and jet fuel to the southeast of the United States, had to halt all of its operations on May 7, 2021, in order to stop a ransomware attack. 

Hackers gained access to the company's systems through a VPN (virtual private network) account in this attack, which allowed staff to log in remotely using a single username and password obtained from the Dark Web. Shortly after the attack, Colonial paid the hackers—affiliates of the cyberterrorist organisation Darkside with ties to Russia—a $4.4 million ransom. 
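As an added example (not from the original post or from any of the sources it cites), the following Python audit runs over constructed VPN authentication log lines and flags the kind of access the Colonial Pipeline paragraph describes: successful remote logins protected by a password alone. The key=value log format, the account names, the source addresses and the active-staff roster are all assumptions constructed for this example, and the roster check is an extra control beyond what the post states.

```python
"""Flag single-factor and unrecognised-account VPN logins in sample logs."""
import re
from dataclasses import dataclass

# Constructed sample log lines (not real logs from any organisation).
SAMPLE_VPN_LOG = """\
ts=2021-05-06T21:14:02Z event=vpn_login user=jsmith src=203.0.113.10 result=success mfa=totp
ts=2021-05-06T22:40:51Z event=vpn_login user=svc_legacy src=198.51.100.7 result=success mfa=none
ts=2021-05-06T22:41:30Z event=vpn_login user=svc_legacy src=198.51.100.7 result=failure mfa=none
ts=2021-05-07T01:03:11Z event=vpn_login user=akhan src=192.0.2.55 result=success mfa=push
ts=2021-05-07T02:17:45Z event=vpn_login user=oldcontractor src=198.51.100.9 result=success mfa=none
"""

# Constructed roster of accounts that should still have remote access.
ACTIVE_STAFF = {"jsmith", "akhan", "svc_legacy"}

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Alert:
    user: str
    src: str
    reason: str


def parse_line(line):
    """Turn one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def audit_vpn_logins(log_text, active_staff):
    """Return alerts for successful VPN logins that lack a second factor
    or come from an account that is not on the active-staff roster."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("event") != "vpn_login" or rec.get("result") != "success":
            continue  # only successful logins grant access; failures are noise here
        user, src = rec["user"], rec["src"]
        # A missing mfa field is treated as no second factor, the unsafe default.
        if rec.get("mfa", "none") == "none":
            alerts.append(Alert(user, src, "single-factor VPN login"))
        if user not in active_staff:
            alerts.append(Alert(user, src, "login by account not in active roster"))
    return alerts


if __name__ == "__main__":
    for alert in audit_vpn_logins(SAMPLE_VPN_LOG, ACTIVE_STAFF):
        print(f"{alert.user} from {alert.src}: {alert.reason}")
```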

A threat group known as Sandworm, which is allegedly run by the Russian GRU's cybermilitary division, attempted to shut down an unnamed Ukrainian power company less than a year later. The State Service of Special Communications and Information Protection of Ukraine (SSSCIP) said in a statement that the attackers "attempted to take down several infrastructure components of their target, including: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment." 

The attempted intrusion involved the use of ICS-capable malware and regular disc wipers, according to Slovak cybersecurity firm ESET, which worked with Ukrainian authorities to analyse the attack. The adversary also released an updated version of the Industroyer malware. 

According to ESET, "the Sandworm attackers attempted to use the Industroyer2 malware against high-voltage electrical substations in Ukraine." It is believed that the victim's power grid network was breached twice, with the first intrusion occurring around the time of Russia's invasion of Ukraine in February 2022 and the second intrusion taking place in April, which enabled the attackers to upload Industroyer2. 

Environmental Digitization

It is now beyond question that cybercriminals pose an ever-increasing threat to critical national infrastructure, according to John Vestberg, CEO of Clavister, a Swedish company that specialises in network security software. CNI, such as oil and gas, is a key target for ransomware gangs, he continues. He thinks that energy companies and their suppliers need to use predictive analytics, tools like artificial intelligence (AI), and machine learning (ML), and a more proactive approach to cybersecurity as opposed to a reactive one. 

The CEO and founder of Flexxon brand X-PHY, Camellia Chan, agrees: "It's crucial that CNI organizations never take their eyes off the ball." In order to detect every type of attack and contribute to the development of a more effective cybersecurity framework, it is crucial to embrace emerging technology, such as AI, as part of a multilayered cybersecurity solution. Nor are the well-organised, frequently state-sponsored ransomware gangs that CNI organisations deal with the only issue. Part of the problem is that as industrial organisations (including utilities like water and energy companies) digitise their environments, they are much more exposed than in the past to potential security flaws and vulnerabilities.

Grid Edge Danger 

The potential for large rewards is one of the things that draws cybercriminals to target energy companies, according to Trevor Dearing, director of critical infrastructure solutions at zero-trust segmentation company Illumio. Many gangs are realising that businesses are more likely to pay the ransom if they can stop the service from being delivered to customers rather than just stealing data, he claims. 

He adds that another issue is that energy systems no longer consist only of the conventional grid of power plants and power lines. What is emerging in its place is the "grid edge," made up of decentralised devices like smart meters, solar panels, and batteries in people's homes and businesses. When threat actors used a known vulnerability in Cisco firewalls to disrupt communications over the course of about 12 hours in March 2019, the Utah-based company sPower, which owns and operates more than 150 generators in the US, was thought to be the first renewable energy provider to be targeted by a cybersecurity attack.

The inverters in renewable energy systems are one area where they are particularly open to attack. These act as a bridge between solar panels and the grid, converting the DC (direct current) energy produced by PV (photovoltaic) solar panels into AC (alternating current) electricity supplied to the mains. The inverter's data could be intercepted and manipulated in a manner similar to earlier attacks in the US and Ukraine if its software isn't up to date and secure. Additionally, a hacker could insert malicious code into an inverter to spread throughout the larger power system, causing even more harm. 

The co-author of a 2018 paper evaluating the cybersecurity risk of solar PV, Ali Mehrizi-Sani, an associate professor at Virginia Polytechnic Institute and State University, claims that hackers can artificially cause a PV system to malfunction in order to launch cyberattacks against the inverter controls and monitoring system. In November 2020, he told the website PV Tech, "This is a vulnerability that can be, and has been, exploited to attack the power system." Since the technology hasn't yet reached critical mass, the risk of a cybersecurity attack on solar power networks is currently low. 

However, as the industry becomes more decentralised, with solar panels installed in public spaces and on top of buildings, managing networks will depend more and more on strong, cloud-based IoT security.

Greater Control 

Implementing standards is one way that both organisations and governments can guarantee the highest levels of CNI protection. The ISO 27001 family of standards for information security management systems (ISMS) is required of all network providers, operators, and other CNI businesses in Germany, for instance, and there are obligations set forth in the UK's BSI Criticality Ordinance to demonstrate a comprehensive IT security strategy to secure the operation of critical infrastructure.

NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) governs critical infrastructure in the US in a similar way, but this set of regulations applies only to the electricity sector and excludes the oil and gas sectors. Cliff Martin, head of cyber incident response at GRCI Law, a legal, risk, and compliance consultancy firm, asserts that personnel in charge of CNI must receive the appropriate training and comprehend that their actions may have real repercussions. This means they cannot simply transfer existing traditional IT cybersecurity measures to the OT environment, because that is simply not how it works.

But according to Illumio's Dearing, an increasing number of businesses are creating a single strategy for both OT and IT environments. He explains: "The secret is to prepare as though you will be attacked. An attack on one part of your infrastructure won't necessarily have an impact on the other parts if you segment it by separating out all the various components."

Companies have been made aware of the physical threat to energy infrastructure, especially during the coldest months of the year in the northern hemisphere, thanks to the conflict in Ukraine and the attacks on the Nord Stream pipelines. That's not the only issue, though. Attacks on CNI's cybersecurity are on the rise, in part due to a rising threat from nation-state actors but also because cybercriminals are becoming more aware of the potential financial rewards of depriving customers of a crucial service. The convergence of OT and IT technologies is also giving cybercriminals a potentially much bigger attack surface to work with.

While historically security has not been viewed as a crucial factor for OT, this needs to change, with a greater focus on technical solutions like network traffic segmentation and continuous monitoring. Only then will businesses be able to stop a potentially catastrophic breach of CNI.