Cyberattacks on Infrastructure & Industrial Targets Are a Weapon of War for Russia
Ransomware and malware are tools used for a myriad of purposes by cybercriminals with devastating results. That’s a big reason why ransomware and malware are the go-to moves of nation-state cybercriminals. Unfortunately, malware and ransomware can be evolved to strike quickly as has been illustrated by data wipers targeting Ukrainian computers as a component of Russia’s invasion. Experts have been warning for years that ransomware and malware can easily be wielded as weapons of war. Right now, many of those experts fear that Russia-aligned threat actors are pointing that weapon toward industrial targets and critical infrastructure in Ukraine and other nations that support it.
Learn the secret to ransomware defense in Cracking the RANSOMWARE Code. GET BOOK>>
Digital Weapons of War Are Here
Experts around the world have asserted for years that modern wars will carry a heavy component of cyberattack and hacking activity, and they were right. Nation-state threat actors are targeting infrastructure components using malware and ransomware in the Russia/Ukraine conflict. CISA cautions that attacks and damage from the cyberwar component of this conflict may spread beyond Ukraine, saying in an advisory: “Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region.”
Microsoft, who has announced their corporate support of Ukraine after Russia’s unprovoked invasion, has stepped up to offer assistance in guarding against cyberattacks on Ukraine’s first responders and infrastructure. The company disclosed that it had discovered a new malware package at work in Ukraine, likely dispatched by Russian threat actors, Microsoft said that this new malware this operation specifically targeted key infrastructure points, dubbing it FoxBlade, was discovered on February 24, by Microsoft’s Threat Intelligence Center (MSTIC). Microsoft asserts that they immediately made the Ukrainian government aware of the situation providing technical advice on steps to prevent the malware’s success.
Ukraine is no stranger to Russian hacking impacting its critical systems and infrastructure. In 2015, suspected Russia-aligned hackers cut off the power in parts of Ukraine temporarily, then did it again to Kyiv in December 2016. Russian hackers were also behind the notorious NotPetya malware that was originally dispatched in an attempt to knock out government and infrastructure targets in Ukraine in 2017 before spreading widely throughout the world. Ukrainian officials and operators of potentially targeted infrastructure are well aware of the danger of further attacks, resulting in a higher level of preparedness than Moscow may have been counting on. Ukraine is the second most cyberattacked country in the world (the US is #1) and recently became a member of NATO’s malware information-sharing network.
AI is the secret weapon you’re looking for to boost business email security. SEE WHY>>
Industrial & Infrastructure Ransomware Are Growing
Last year’s major incidents at Colonial Pipeline and JBS served as notices that cyberattacks can do major damage to a country’s infrastructure and essential manufacturing operations. Those examples also struck fear into governments around the world, who grew deeply concerned about protecting their essentials from cyberattacks in both times of peace and times of war. The impact of ransomware and malware attacks like those rippled far into the mainstream, drawing additional awareness of the need for industrial and infrastructure targets to maintain strong security.
Critical infrastructure is definitely firmly in cybercriminal sights. A report from Claroty shows that a whopping 80% of critical infrastructure organizations experienced a ransomware attack in the last year. Of the 80% of respondents who experienced a ransomware attack, 47% reported an impact to their industrial control system (ICS) environment. That may not seem like a big deal at first, but critical infrastructure operators losing control of their ICS is potentially catastrophic. It also makes ransomware an even more powerful weapon for nation-state threat actors.
See how to avoid cybercriminal sharks in Phishing 101. DOWNLOAD IT>>
More Information Gives APTs Better Chances for Success
Bad actors will only get better at hijacking operational technology. Stealing information about operational technology (OT) and industrial controls will help them architect ransomware attacks that are even more effective, and they’re getting their hands on that data at an alarming rate. In a study on the dangers that cyber dangers like ransomware attacks could have for operational technology, Mandiant analysts discovered that one in seven attacks exposed sensitive information about operational technology. Out of 3,000 data leaks originating from ransomware attacks, the study identified at least 1,300 exposures from critical infrastructure and industrial production organizations that use OT.
Advanced Persistent Threat (APT) groups could seriously benefit from that information. Some of the information that researchers found exposed in dark web data dumps from OT information snatching includes usernames and passwords, IP addresses, remote services, asset tags, original equipment manufacturer (OEM) information, operator panels, network diagrams and more information that is exactly the kind of data that APTs need to plan effective cyberattacks on industrial and critical infrastructure targets.
Automated security isn’t a luxury. See why Graphus is a smart buy.
Manufacturing Was the Top Industry Attacked in 2021
IBM’s X-Force Threat Intelligence Index 2021 drilled deeper into the industrial and infrastructure cybersecurity space to determine which industries came under siege the most in 2021. Their researchers determined that the manufacturing sector replaced financial services as the top attacked industry in 2021, victimized in 23.2% of the attacks X-Force remediated last year. Of course, just like everyone else, those sectors faced ransomware threats more than any other kind. Ransomware was the top attack type, accounting for 23% of attacks on manufacturing companies.
OT Industries Targeted, 2021
| Industry | % of Total |
|---|---|
| Manufacturing | 61% |
| Oil & Gas | 11% |
| Transportation | 10% |
| Utilities | 10% |
| Mining | 7% |
| Heavy & Civil Engineering | 1% |
Operational technology was the root of much of the trouble. More than 60% of incidents at OT-connected organizations last year were in the manufacturing industry. In addition, 36% of attacks on OT-connected organizations were ransomware. Overall, analysts determined that for all industries with OT networks that they’d observed in 2021 including operations in engineering, mining, utilities, oil and gas, transportation and manufacturing, ransomware was the primary attack type they faced by a large margin, the vehicle for 36% of all attacks on the sector.
Attack Types on OT, 2021
| Attack Type | % of Total |
|---|---|
| Ransomware | 36% |
| Server access | 18% |
| DDoS | 11% |
| Credential harvesting | 9% |
| Insider | 9% |
| RAT | 9% |
| Botnet | 4% |
| Webshell | 2% |
| Worm | 2% |
Still relying on an old-fashioned SEG? See why Graphus is better! SEE THE COMPARISON>>
Cybercrime is a Business Too
Why is attacking industrial targets in fashion for cybercriminals right now? IBM speculates that it is because cybercriminals know that manufacturers and similar organizations have a very low tolerance for downtime, meaning they’re more likely to pay. They’re right – more than 60% of industrial organizations that were hit by ransomware last year paid the ransom, which for more than half of the impacted companies ran to $500,000 or more. In a breakdown of ransom amounts, researchers determined that 45% of industrial victims faced a ransom in the $500,000 to $5,000,000 range, and 48% were hit with a ransom demand below $500,000. But for about 7% of impacted organizations, the cybercriminals aimed high, and those companies were looking at a ransom in excess of $5,000,000.
Unfortunately, the organizations that were hit by ransomware were faced with a complex decision. Many of them did the math and found paying the extortionists more affordable than the shutdown that a recovery might require – the majority of industrial and manufacturing targets estimated their organization’s loss in revenue per hour of downtime equal to or greater than the amount the bad guys were demanding. Between the high chance of scoring a big payout and the damage that can be done in a nation-state capacity, organizations in the critical infrastructure and manufacturing sectors need to devote significant resources to improving their defenses to withstand the tide of trouble.
Stop Ransomware from Hitting Your Organization by Eliminating Its Most Likely Path to Your Door: Phishing Messages
Stop phishing with Graphus – the most simple, automated & affordable phishing defense available.
TrustGraph is the star of the show, keeping potentially dangerous emails away from staffers.
- Your first layer of defense against phishing, TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes.
- Machine learning enables the TrustGraph AI to learn from each analysis it completes, adding that information to its knowledge base to continually refine your protection and spot new threats without human intervention.
Graphus makes it easy for users to report suspicious messages and get help in case of trouble.
- EmployeeShield adds a bright, noticeable box to messages that could be dangerous, empowering staffers to report that message with one click for administrator inspection.
- Phish911 makes it a snap for users to report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.
