Hackers are laying siege to critical infrastructure: Here's how to fight back
Critical infrastructure is vital for the proper functioning of our society and economy. It is almost impossible to imagine life without a robust network of hospitals, airports, power utilities and schools. While many people may take these services for granted, you can be sure that cyber attackers understand how dependent we are on them.
President Joe Biden's 12 May executive order, titled "Improving the Nation's Cyber Security", states that "the United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people's security and privacy."
Critical infrastructure is vulnerable precisely because it is so important. These essential services can significantly disrupt public life when shut down for even a day or two. The bad guys know there is a lot at stake if they disrupt these systems. They know they have a solid chance to make a quick profit because the costs and labour associated with manually recovering from ransomware are so high that the victims often pay the ransom to maintain service continuity.
Look no further than the Colonial Pipeline ransomware attack that took down the largest fuel pipeline in the US and temporarily caused fuel shortages up and down the East Coast. In testimony before the Senate Committee on Homeland Security and Governmental Affairs, Colonial Pipeline CEO Joseph Blount admitted his company paid the hackers nearly $5 million in ransom just a day after discovering malware on its systems.
A problem that is getting worse
The reality is that critical infrastructure, operated by federal, state and local agencies, is getting hit by increasingly frequent ransomware attacks. According to the most recent State of Ransomware report from Emsisoft, nearly 2 400 US-based governments, healthcare facilities and schools were victimised by ransomware attacks last year. In some instances, these attacks even had life-threatening consequences, disrupting 911 services, forcing ambulances carrying critically ill patients to be redirected, and delaying medical treatment.
It is safe to say we can expect more of the same. Why? Because while ransomware has evolved and attacks have accelerated, spending on critical infrastructure modernisation has failed to keep pace. The public sector broadly relies on tried-and-true technologies that worked in the past but are getting long in the tooth. Indeed, many agencies continue to use outdated hardware, software, and networks vulnerable to today's persistent threats.
Add to this the rapid shift to virtual operations in the wake of the COVID-19 pandemic. Organisations create, share and access data from remote locations on less secure networks, and hackers have pounced. Bitdefender reports that ransomware attacks jumped an eye-watering 485% in 2020, and many of the targets are in the public sector. Recently, Tulsa, Oklahoma, one of the 50 largest cities in the US, was brought to its knees by a ransomware attack that impacted the city's network and knocked out official websites.
There is even a new trend called ransomware as a service (RaaS). This subscription-based model enables virtually anyone to use already-developed ransomware tools to launch attacks. The developers of the malware line their pockets by taking a percentage of each ransom payment received.
Overall, the cyber crime problem is now immense, with damages totaling $6 trillion a year, notes Cybercrime magazine. Put all the cyber criminals in one place and make them a nation, and they would have the world's third-largest economy, after the US and China.
3-2-1-1 data-protection provides defense
All government agencies must improve their efforts to identify, deter, protect against, detect and respond to these actions and actors. So, what can the public sector do to defend itself and our critical infrastructure?
One of the first steps it should take is to adopt the 3-2-1-1 data-protection strategy. The 3-2-1-1 strategy directs that you have three backup copies of your data on two different media, such as disk and tape, with one of those copies located offsite for disaster recovery. The final one in this equation is immutable object storage.
Immutable object storage safeguards information continuously by taking snapshots of it every 90 seconds, so even if disaster strikes, you can quickly recover your data. Immutable snapshots are read-only versions of the metadata for data and files, and they provide point-in-time data recovery: a snapshot lets you roll back to a previous file state after downtime, a natural disaster, or a ransomware attack. Because immutable snapshots cannot be altered, overwritten, or deleted, they safeguard data integrity against loss from human error, hardware failure, or ransomware.
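To make the two ideas above concrete, here is an added, self-contained Python example (it is not the article's code and not any vendor's product). It models a backup inventory checked against the 3-2-1-1 rule, and a toy in-memory snapshot store whose committed snapshots are write-once: attempts to change or delete snapshot contents are refused, and a live file set that has been scrambled can be rolled back to the snapshot. The class names, the sample inventory and the sample files are all constructed for illustration; the "corruption" step is a stand-in for the human error, hardware failure or ransomware the text mentions, not real malware behaviour.

```python
"""Added example (not the article's or any vendor's code): a toy model of the
3-2-1-1 rule and of write-once snapshots with point-in-time rollback.
Class names, the sample inventory and the sample files are constructed."""
from dataclasses import dataclass
from types import MappingProxyType
import hashlib


@dataclass(frozen=True)
class BackupCopy:
    """One copy of a backup set, with the properties 3-2-1-1 cares about."""
    label: str
    medium: str      # e.g. "disk", "tape", "object"
    offsite: bool
    immutable: bool


# Constructed inventory: three copies, two or more media, one offsite, one immutable.
SAMPLE_INVENTORY = [
    BackupCopy("nightly-disk", "disk", offsite=False, immutable=False),
    BackupCopy("weekly-tape", "tape", offsite=False, immutable=False),
    BackupCopy("object-offsite", "object", offsite=True, immutable=True),
]


def check_3_2_1_1(copies):
    """Map each 3-2-1-1 requirement to whether the inventory satisfies it."""
    return {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.medium for c in copies}) >= 2,
        "one_offsite": any(c.offsite for c in copies),
        "one_immutable": any(c.immutable for c in copies),
    }


def compliant(copies):
    return all(check_3_2_1_1(copies).values())


class ImmutableSnapshotStore:
    """Write-once, point-in-time snapshots of a file set (in-memory toy)."""

    def __init__(self):
        self._snapshots = []  # (digest, read-only file map), in time order

    @staticmethod
    def _digest(files):
        h = hashlib.sha256()
        for name in sorted(files):
            h.update(name.encode() + b"\0" + files[name] + b"\0")
        return h.hexdigest()

    def snapshot(self, files):
        """Commit a read-only copy of `files`; returns the snapshot id."""
        frozen = MappingProxyType({k: bytes(v) for k, v in files.items()})
        self._snapshots.append((self._digest(frozen), frozen))
        return len(self._snapshots) - 1

    def view(self, snapshot_id):
        """Read-only view; item assignment or deletion on it raises TypeError."""
        return self._snapshots[snapshot_id][1]

    def restore(self, snapshot_id):
        """Return a fresh, writable copy of the files as of `snapshot_id`,
        after checking the stored contents still match their digest."""
        digest, frozen = self._snapshots[snapshot_id]
        if self._digest(frozen) != digest:
            raise ValueError("snapshot contents no longer match digest")
        return dict(frozen)


def attempt_tamper(store, snapshot_id):
    """Try to overwrite and to delete data inside a committed snapshot.
    Returns True if both attempts were refused."""
    snap = store.view(snapshot_id)
    refused = 0
    try:
        snap["records.db"] = b"SCRAMBLED"
    except TypeError:
        refused += 1
    try:
        del snap["records.db"]
    except TypeError:
        refused += 1
    return refused == 2


def simulate_data_corruption(live):
    """Stand-in for human error, hardware failure or ransomware: scramble
    every live file in place and add a stray file. Constructed for the demo."""
    for name in list(live):
        live[name] = bytes(b ^ 0xA5 for b in live[name])
    live["READ_ME.txt"] = b"files unreadable"


def recover_after_attack():
    """Snapshot, let the simulated corruption hit the live copy, roll back.
    Returns (live_was_damaged, restore_matches_original)."""
    live = {"records.db": b"student records v1", "payroll.csv": b"id,amount\n1,100\n"}
    original = dict(live)
    store = ImmutableSnapshotStore()
    sid = store.snapshot(live)
    simulate_data_corruption(live)
    damaged = live != original
    recovered = store.restore(sid)
    return damaged, recovered == original


if __name__ == "__main__":
    print("3-2-1-1:", check_3_2_1_1(SAMPLE_INVENTORY), "compliant:", compliant(SAMPLE_INVENTORY))
    store = ImmutableSnapshotStore()
    sid = store.snapshot({"records.db": b"v1"})
    print("tamper refused:", attempt_tamper(store, sid))
    print("damaged, recovered:", recover_after_attack())
```

The point of the toy is the separation of roles: the live copy is writable and therefore exposed, while the committed snapshot can only be read, verified against its digest, and restored from. In a real deployment the write-once guarantee comes from the storage platform (object lock or equivalent retention controls), not from application code, and the snapshot interval and retention period are policy settings rather than the constants used here.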
With immutable snapshots, schools could better safeguard student, faculty, and business records and protect data from accidental deletion or cyber theft. Healthcare organisations, for their part, could ensure the smooth and uninterrupted delivery of services and operations — even during a disaster or ransomware attack.
Critical infrastructure can be kept up and running with the right cyber security strategy and ultimately withstand the worst that cyber criminals can throw at it.