Hundreds of thousands of homes across western Ukraine were suddenly left without power last December after a massive blackout. Though power was eventually restored, this event should serve as a wakeup call for governments around the world, not just because of the severity, but due to the cause.
The blackout marks the first publicly confirmed hacker-caused power outage in history, with the BlackEnergy malware deemed to be responsible for infecting the systems of three of Ukraine’s regional operators. The group behind the attack, the Sandworm Gang, is also believed to be responsible for previous attacks on government agencies within Ukraine and Poland, including a 2014 data breach targeting NATO.
Just weeks after the blackout in Ukraine, Israel’s Energy Minister Yuval Steinitz announced that hackers had launched a “severe” malware attack targeting the national Electricity Authority. Though Steinitz claimed the attack didn’t result in any power outages, the organization’s computer systems were shut down for two days following the attack, according to The Times of Israel.
Similar events continue to add up across the globe: the parliament of Western Australia announced that a Trojan had rendered many of its computers and phones inoperable.
Keeping up with growing threats
The world of cybercrime expands every day, to the point where even national infrastructure organizations are vulnerable to increasingly sophisticated hackers. To people following the news around the world, the ability of hackers to worm their way into critical infrastructure and even cause mass blackouts is understandably shocking. To those with deep familiarity with the cybersecurity field, this handful of recent events, while still incredibly alarming, may not come as such a surprise.
Although the practice is on the decline, many organizations have a legacy of running outdated IT and operating systems, such as Windows XP, that are no longer supported by their manufacturers. The reason is that speed of innovation isn't a driving factor in general IT: once something is deemed functional and reliable with a good safety record, there is less motivation to update or upgrade it.
More alarming to the IT security layperson, malware running on ICS networks can be tolerated for longer periods provided it does not disrupt operations, a trade-off that does not fit the logic generally applied in IT.
Most disturbingly, there is minimal legislation globally to drive cyber risk reduction for ICS. It is no doubt a bold statement, but no government is highly motivated to make any significant change to the status quo when addressing the risks associated with Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. The question must be asked: is this intentional government policy, allowing some of the world’s largest organizations the freedom to operate with fewer restrictions?
While enterprises risk losing vast amounts of money and the goodwill of their customers, national infrastructure organizations who don’t have adequate security measures in place are potentially putting the livelihoods – and even lives – of their citizens at risk.
The face of cybercrime
In many cases, cybercriminals use social engineering to make their way into crucial systems. Hackers use advanced intelligence-gathering tactics that range from social media and professional networking websites through to harvesting metadata from a number of sources, such as documents intercepted during exchange, in order to identify information such as user IDs, server paths, software versions and even employee reference data. This activity helps the hacker profile employees, supply chains, internal workflows, processes and procedures, and it is an information leak that must be plugged during the discovery process.
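One way to plug the document-metadata leak described above, as an added Python example that is not from the original article: it audits and strips the identifying fields of a .docx (an OOXML zip) using only the standard library, and builds a constructed sample document inline. The field list in LEAKY_PARTS is an assumed minimum set, not an exhaustive one.

```python
import io
import re
import zipfile
# Metadata elements that commonly identify people, tooling and versions
# (assumption: a reasonable minimum set for a pre-release check, not exhaustive).
LEAKY_PARTS = {
    "docProps/core.xml": ["dc:creator", "cp:lastModifiedBy"],
    "docProps/app.xml": ["Application", "AppVersion", "Company", "Template"],
}
def audit_metadata(docx_bytes):
    """Return {part: {element: value}} for every leaky element that has a value."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part, elems in LEAKY_PARTS.items():
            if part not in zf.namelist():
                continue
            xml = zf.read(part).decode("utf-8")
            for el in elems:
                m = re.search(rf"<{el}[^>]*>(.*?)</{el}>", xml, re.S)
                if m and m.group(1).strip():
                    found.setdefault(part, {})[el] = m.group(1).strip()
    return found
def scrub_metadata(docx_bytes):
    """Return a copy of the document with every leaky element emptied."""
    out_buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
         zipfile.ZipFile(out_buf, "w", zipfile.ZIP_DEFLATED) as out:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename in LEAKY_PARTS:
                xml = data.decode("utf-8")
                for el in LEAKY_PARTS[item.filename]:
                    xml = re.sub(rf"<{el}([^>]*)>.*?</{el}>",
                                 rf"<{el}\1></{el}>", xml, flags=re.S)
                data = xml.encode("utf-8")
            out.writestr(item.filename, data)  # other parts are copied untouched
    return out_buf.getvalue()
def build_sample_docx():
    """Constructed sample with made-up values (namespace declarations omitted)."""
    core = ('<cp:coreProperties><dc:creator>jsmith</dc:creator><cp:lastModifiedBy>'
            'CORP\\jsmith</cp:lastModifiedBy></cp:coreProperties>')
    app = ('<Properties><Application>Microsoft Office Word</Application>'
           '<AppVersion>12.0000</AppVersion><Company>Example Utility Co</Company>'
           '<Template>Normal.dotm</Template></Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("docProps/app.xml", app)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Running `audit_metadata(build_sample_docx())` shows the author, domain account, application version and template name that would leave with the file; `audit_metadata(scrub_metadata(...))` returns an empty dict.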
Due to the advancing capabilities of hackers and the ever-decreasing adequacy of traditional perimeter security solutions, national infrastructure operators must turn to innovation to close the cyber security gaps that will only grow wider over time. Any change is fraught with its own challenges, but cyber security needs to be tackled head on if the organizations responsible for supplying our clean water, electricity and fuel are to be trusted to tackle this complicated problem proactively.
The attack on Ukraine’s power grid could be seen as the opening of a proverbial floodgate, unleashing a slew of similar attacks on unprepared infrastructure organizations. Whether this will be the case remains to be seen, though the big question remains: what is the worst thing a person or group could do to a critical asset if they possessed the intent, access and knowledge to perform a malicious act?
Keeping in mind what is now known to be possible, these organizations would be wise to adopt a solution that can guarantee they don’t become the next target of the new face of cybercrime.